Research projects

In the project AICAS (FKZ 16KIS1064), which runs from November 2019 to September 2021 and is funded by the BMBF, the topic of AI-assisted detection of security incidents was addressed.

Under the funding guideline "German-Israeli Cooperation in the Research Fields of Civil Security and IT Security", two leading industrial partners in this field, Rhebo GmbH from Leipzig and Radiflow Ltd from Tel Aviv, were involved in addition to Fraunhofer IOSB and Fraunhofer IOSB-AST. The aim of the project was to test the use of AI for intrusion detection systems (IDS) and to evaluate it on the basis of various use cases and scenarios in the domains of "industrial production" and "energy supply".

In the research project, different machine learning methods were investigated and evaluated for their applicability to anomaly detection in industrial environments. These included anomaly and attack detection based on network traffic, as well as on recordings from monitoring solutions and other sources of information such as log files. The primary goal within the project, besides the detection of attacks or anomalies, was the classification and assignment to known attack methods. For this purpose, two testbeds were designed and implemented within the project which could provide exemplary, realistic data sets for the development and testing of AI methods for the two domains "industrial production" and "energy supply". For data generation, known attack patterns and techniques were defined as scenarios and implemented within the testbeds.

Based on these datasets of various IT attacks, the commercial systems of the industry partners could be tested in the lab environment and their behavior could be included for downstream AI approaches for classification. As a result of the AICAS project, the generated datasets will be published and can be used as benchmark datasets for e.g. system vendors. Furthermore, with the data generator realized in the project, it is possible to create data sets specifically adapted to the requirements of industrial customers from the aforementioned domains for the most diverse attack scenarios and techniques.

Despite high requirements within the framework of legal regulations such as the IT Security Act or the introduction of IT security management systems (ISMS), energy suppliers remain the focus of cyber attacks. Network control centers, which are responsible for secure network operation, are particularly sensitive. Thousands of data and measured values are analyzed in these control rooms every day, critical operating situations are detected and appropriate switching and control processes are derived. If an attacker gains access from outside and, for example, intentionally manipulates measured values, this can lead to incorrect switching actions and even to a blackout as a worst-case scenario.

In a previous project, AI methods were already developed for automatic fault detection as well as for the detection of critical network states (line failures, power plant outages) based on so-called PMU sensors. In the research project "Digital-Twin-centric Services and Applications for Dynamic Operation and Protection of the Future Energy Supply System" (HyLITE FKZ 0350034), funded by the German Federal Ministry of Economics and Climate Protection (BMWK), this approach has now been further developed to cover the entire network traffic including transmitted PMU and SCADA measurements between the grid and control system, a particularly sensitive area in grid operation. Project partners are the Technical University of Ilmenau (Department of Electrical Power Supply), SIEMENS AG and the Fraunhofer Institute for Factory Operation and Automation IFF.

Taking into account the latest developments in network control technology and the increasing use of digital twins, a threat analysis was first conducted for the underlying system architecture. Based on this, a new approach was developed at Fraunhofer IOSB-AST, which automatically monitors all network and process information between the network and control system in real time and checks it for manipulation. The result is an AI-supported, intelligent monitoring solution for network control systems, which first automatically learns the normal behavior at the measurement and communication level. The software can detect not only the current operating situation and technical failures or faults, but also anomalies in the measured values or data traffic between the electrical network and the control system. This makes it possible for the operator in charge to monitor network operation and the communications equipment used in real time. It is accessed via a real-time web-based visualization that provides a quick overview of the AI-based anomaly assessments.

The AI-based monitoring solution was successfully tested within the laboratory environment at Fraunhofer IOSB-AST using real-time simulations. In addition to various operating situations and technical faults, IT attacks on common transmission protocols such as IEC 61850 or IEEE C37.118 can be simulated as well as their effects on dynamic network operation investigated.In a previous project, AI methods for automatic fault detection as well as for the detection of critical network states (line failures, power plant outages) based on so-called PMU sensors were already developed. In the research project "Digital-Twin-centric Services and Applications for Dynamic Operation and Protection of the Future Energy Supply System" (HyLITE), funded by the German Federal Ministry of Economics and Climate Protection (BMWK), this approach has now been further developed to cover the entire network traffic including transmitted PMU and SCADA measurements between the grid and control system, a particularly sensitive area in grid operation. Project partners are the Technical University of Ilmenau (Department of Electrical Power Supply), SIEMENS AG and the Fraunhofer Institute for Factory Operation and Automation IFF.

Taking into account the latest developments in network control technology and the increasing use of digital twins, a threat analysis was first conducted for the underlying system architecture. Based on this, a new approach was developed at Fraunhofer IOSB-AST, which automatically monitors all network and process information between the network and control system in real time and checks it for manipulation. The result is an AI-supported, intelligent monitoring solution for network control systems, which first automatically learns the normal behavior at the measurement and communication level. The software can detect not only the current operating situation and technical failures or faults, but also anomalies in the measured values or data traffic between the electrical network and the control system. This makes it possible for the operator in charge to monitor network operation and the communications equipment used in real time. It is accessed via a real-time web-based visualization that provides a quick overview of the AI-based anomaly assessments.

The AI-based monitoring solution was successfully tested within the laboratory environment at Fraunhofer IOSB-AST using real-time simulations. In addition to various operating situations and technical faults, IT attacks on common transmission protocols such as IEC 61850 or IEEE C37.118 can be simulated as well as their effects on dynamic network operation investigated.

On July 01, 2021, the joint project PROTECT funded by the BMWi started (FKZ 03EI6054). Under the consortium leadership of Fraunhofer IOSB-AST, EAM Netz GmbH Kassel, eoda GmbH and Zittau/Görlitz University of Applied Sciences are involved in the development of an AI-based firewall for energy suppliers.

In the research project, methods for AI-based detection of anomalies in the network traffic of energy utilities are to be developed, thus bringing previous firewall solutions to a new level of IT attack detection. Not only the area of business IT, but also process IT will be considered. This area still poses a greater challenge in many utilities with regard to the secure monitoring of network traffic. By using artificial intelligence, it should be possible for utilities to detect a large proportion of attacks securely and automatically and to implement defense mechanisms automatically by adapting firewall rules. At the same time, the number of false alarms is to be significantly reduced.

Forest health is threatened by many factors. Besides global warming, forest fires and pest infestations are among the greatest threats. As part of the 5G Forest Guard project (FKZ 45FGU108_G), a new technological and methodological approach is being tested that will make it possible to detect both forest fires and pest infestations in the formation phase. This should enable fire departments and forest owners to take appropriate countermeasures at an early stage and thus minimize potential damage to the forest. The concept includes two complementary applications for forest fire source identification and bark beetle detection.

To identify a potential forest fire source, the project area will be monitored using stationary and mobile camera technology in different spectral ranges. In addition to existing fire watch towers, UAVs will be equipped with appropriate technology. Image and thermal data will be collected at regular intervals and stored on a server. As soon as the data is received there, it is automatically examined on the server using AI algorithms with regard to any deviations from the "normal state". The project area is further equipped with sensor technology. The deviations detected can thus be compared with the data from the sensors. At the same time, a UAV goes to the location of the potential fire source and continuously collects up-to-date data. If the AI detects a potential source of fire in the deviation, corresponding information is issued to the fire department for a decision on further measures. The subsequent firefighting operation can then be monitored using the technology on the UAVs.

The same technology and data infrastructure are used to detect bark beetle infestations. However, image data from multiple spectral regions are processed here. Using the red edge method, a deviation of the chlorophyll content in the trees can be detected. Special sensor technology that detects odors indicating bark beetle infestation can support this system. In the end, the forest owner receives information on the potential infestation. This methodology can indicate an infestation earlier and in a more targeted manner than the visual examination by forestry staff during a forest inspection, which is common today.

Both applications are characterized by their ability to detect the threat earlier than conventional methods. This enables the timely effect of appropriate control approaches and the minimization of damage to the forest. The overall concept includes the use of already existing infrastructures (e.g. fire watchtowers), which are optimized in terms of their technical equipment for the project purposes. The success of the project depends on stable high bit-rate data transmission. The 5G Forest Guard project therefore relies consistently and without alternative on 5G.

The 5G standard is designed for industrial and business use cases. Advantages such as the high data rate, very low latency or low energy consumption (relative to the amount of data) are always emphasized. In the project, the measurement data from a large number of sensors are the basis for data evaluation and are therefore essential for decision-making to take action (e.g. sending out the fire department in the event of a detected forest fire). Fundamentally, therefore, sensors significantly influence the decisions made and the behavior of personnel based on them, as well as the control and coordination of resulting actions. Availability, integrity and confidentiality of sensor data are therefore the protection goals to be achieved in the context of information security.

The focus of Fraunhofer IOSB-AST in the project work is on the security aspects. On the one hand, this means the secure integration of the sensors and sensor data. It is examined which measures are necessary and feasible within the framework of the requirements in order to counteract misuse of these. On the other hand, securing the data communication between the drone and the base station is necessary. In the application context, for example, direct access to the drone is envisaged (image data, position) as well as the connection of terminal stations to a central evaluation server for the purpose of data updates. High security standards must also be met for real-time control of the drone over long distances. It is therefore being evaluated which security features are already included in the 5G standard and for which use cases they are suitable. In addition, established IT security measures will be analyzed and integrated into the system, especially with regard to available resources and performance parameters.

Funding is provided as part of the 5G Innovation Competition of the Federal Ministry of Digital Affairs and Transport (BMDV). The 5G Forest Guard project builds on the cooperation of various partners with different core competencies and is composed of administration, companies and research institutions in an interdisciplinary manner. These include the district of Görlitz as consortium leader, Fraunhofer IOSB-AST, Zittau/Görlitz University of Applied Sciences, Brandenburg University of Technology Cottbus - Senftenberg (BTU) and GGS - Geotechnik, Geoinformatik & Service GmbH. In addition to these project partners, two mobile communications companies, Telekom and Vodafone, have been acquired as associated partners. Furthermore, the military training area Oberlausitz supports the project, among other things by providing the project area.

The BMBF project reDesigN (Resilience by Design for IoT data platforms using the example of distributed energy management, FKZ: 01IS18074D), launched in May 2019, addresses resilience aspects in the smart metering use case with a focus on the central energy management system (EMS).

Based on an architecture description derived from the intended smart meter rollout, Fraunhofer IOSB-AST together with the project partners from Ilmenau University of Technology, EFR GmbH and Cuculus GmbH considers different aspects of data processing with the goal of resilient energy management. Based on a comprehensive threat analysis with the identification of the existing communication architecture and possible disruption and failure scenarios, an EMS hardened to it is designed that detects anomalies and adapts the methods for forecasting and optimization to them.

In terms of IT security, the use case of the project with the connection of a smart meter architecture with the coupling to a central EMS via public networks represents a special challenge. The security aspects required by the BSI for the communication and the components of the smart metering infrastructure serve as a basis for identifying possible failure scenarios. Within the project reDesigN, possible impacts of the identified threats and failures are considered and countermeasures to increase resilience are proposed.

The BMBF-funded project RESIST (FKZ 03SF0637), led by Fraunhofer EMI, started in 2021 as a collaboration between the Fraunhofer Institutes EMI, ISE, IEE, IEG and IOSB-AST. Focusing on the resilience of our power grids, the project partners are exploring methods to assess the vulnerability and resilience of power grids.

Especially the power supply in Germany is currently still a strongly hierarchically (top-down) structured and massively regulated system. A few vital transmission networks ensure reliable and stable power supply at the regional and local level. If an outage occurs, many people and businesses are affected. Against this background, how do you plan and operate a resilient power supply for the future? The answer to this question requires a high degree of system competence that coherently links technological, economic and regulatory issues.

The overall goal of RESIST is to increase the resilience of the power supply. In this context, resilience is to be integrated and made measurable in all phases of the upcoming transformation towards the energy turnaround, presented in real time, and options for action to optimize system resilience across critical phases are to be identified.

As a result, RESIST is developing two planning and management tools as well as technical enhancements for core components to increase power system resilience. The resilience monitor enables real-time resilient operations management and can minimize technical and financial damage by forecasting damage scenarios. The strategic planning tool allows the implementation of a resilient-by-design approach to the long-term transformation of the power grid.

Identified failure and disruption scenarios of the power grids form the basis for the work in the project and also lead to a strong focus of IT security through possible attacks on the power grid. Fraunhofer IOSB-AST is investigating the digital (substation) in detail as a critical part of current and future power grids. For highly networked and digitized systems, one speaks of the need for cyber resilience as the next step in IT security. For this, decentralized methods for resilience and security assessment are being researched with the combination of AI-based detection methods of IT attacks.