e & i Elektrotechnik und Informationstechnik

, Volume 135, Issue 3, pp 278–285 | Cite as

Countering targeted cyber-physical attacks using anomaly detection in self-adaptive Industry 4.0 Systems

  • Giuseppe Settanni
  • Florian SkopikEmail author
  • Markus Wurzenberger
  • Roman Fiedler


This paper presents a novel approach to flexibly control the depth of monitoring applied to CPS-enabled safety-critical infrastructures, to timely detect deviations from the desired operational status, and discusses how the application of anomaly detection (AD) techniques can be further leveraged to automatically adapt the security controls of the infrastructure itself.


security monitoring log data anomaly detection security metrics self-adaptive system 

Abwehr zielgerichteter cyber-physischer Angriffe mittels Anomalie-Erkennung in selbstadaptiven Industrie-4.0-Systemen


Dieser Beitrag stellt einen neuartigen Ansatz zur flexiblen Steuerung des Grades der Überwachung in CPS-fähigen sicherheitskritischen Infrastrukturen vor, um Abweichungen vom gewünschten Betriebszustand rechtzeitig zu erkennen, und diskutiert, wie die Anwendung von Anomalie-Erkennungstechniken genutzt werden kann, um die Sicherheitskontrollen der Infrastruktur automatisch anzupassen.


Sicherheitsüberwachung Log-Daten Anomalie-Erkennung Sicherheits-Metriken selbstadaptive Systeme 



This work was partly funded by the Austrian FFG research project synERGY (855457) and the European ECSEL project SEMI 4.0 (692466).


  1. 1.
    Arcaini, P., Riccobene, E., Scandurra, P. (2015): Modeling and analyzing MAPE-K feedback loops for self-adaptation. In Proceedings of the 10th international symposium on software engineering for adaptive and self-managing systems (pp. 13–23). New York: IEEE Press. Google Scholar
  2. 2.
    Chandola, V., Banerjee, A., Kumar, V. (2009): Anomaly detection: a survey. ACM Comput. Surv., 41(3), 15. CrossRefGoogle Scholar
  3. 3.
    Hankel, M., Rexroth, B. (2015): The reference architectural model Industrie 4.0 (RAMI 4.0). Frankfurt a. M.: ZVEI. Google Scholar
  4. 4.
    Industrial Internet Consortium (2016): Industrial internet of things, vol. G4: security framework. Needham: Industrial Internet Consortium. Google Scholar
  5. 5.
    Kephart, J. O., Chess, D. M. (2003): The vision of autonomic computing. Computer, 36(1), 41–50. MathSciNetCrossRefGoogle Scholar
  6. 6.
    Lasi, H., Fettke, P., Kemper, H.-G., Feld, T., Hoffmann, M. (2014): Industry 4.0. Bus. Inf. Syst. Eng., 6(4), 239. CrossRefGoogle Scholar
  7. 7.
    Liebi, M. (2016): Industry 4.0 and the impact on cybersecurity. Bern: United Security Providers. Google Scholar
  8. 8.
    Ma, Z., Hudic, A., Shaaban, A., Plosz, S. (2017): Security viewpoint in a reference architecture model for cyber-physical production systems. In 2017 IEEE European symposium on security and privacy workshops, EuroS&PW (pp. 153–159). New York: IEEE Press. CrossRefGoogle Scholar
  9. 9.
    Muccini, H., Sharaf, M., Weyns, D. (2016): Self-adaptation for cyber physical systems: a systematic literature review. In Proceedings of the 11th international symposium on software engineering for adaptive and self-managing systems (pp. 75–81). New York: ACM. Google Scholar
  10. 10.
    Musil, A., Musil, J., Weyns, D., Bures, T., Muccini, H., Sharaf, M. (2017): Patterns for self-adaptation in cyber-physical systems. In Multi-disciplinary engineering for cyber-physical production systems (pp. 331–368). Berlin: Springer. CrossRefGoogle Scholar
  11. 11.
    Om, H., Kundu, A. (2012): A hybrid system for reducing the false alarm rate of anomaly intrusion detection system. In 2012 1st international conference on recent advances in information technology. RAIT (pp. 131–136). New York: IEEE Press. Google Scholar
  12. 12.
    Pereira, T., Barreto, L., Amaral, A. (2017): Network and information security challenges within Industry 4.0 paradigm. Proc. Manuf., 13, 1253–1260. Google Scholar
  13. 13.
    Settanni, G., Skopik, F., Karaj, A., Wurzenberger, M., Fiedler, R. (2018): Protecting cyber physical production systems using anomaly detection to enable self-adaptation. In 1st IEEE international conference on industrial cyber physical systems, ICPS 2018 (pp. 173–180). New York: IEEE Press. Google Scholar
  14. 14.
    Skopik, F. (2017): Collaborative cyber threat intelligence: detecting and responding to advanced cyber attacks at the national level. Boca Raton: CRC Press. Google Scholar
  15. 15.
    Tauber, M., Kirby, G., Dearle, A. (2010): Self-adaptation applied to peer-set maintenance in chord via a generic autonomic management framework. In 2010 fourth IEEE international conference on self-adaptive and self-organizing systems workshop, SASOW (pp. 9–16). New York: IEEE Press. CrossRefGoogle Scholar
  16. 16.
    Thonnard, O., Bilge, L., OGorman, G., Kiernan, S., Lee, M. (2012): Industrial espionage and targeted attacks: understanding the characteristics of an escalating threat. In International workshop on recent advances in intrusion detection (pp. 64–85). Berlin: Springer. Google Scholar
  17. 17.
    Wurzenberger, M., Skopik, F., Settanni, G., Fiedler, R. (2018): AECID: a self-learning anomaly detection approach based on light-weight log parser models. In 4th international conference on information systems security and privacy, ICISSP 2018, January 22–24, 2018. Funchal, Madeira, Portugal. Setubal: INSTICC. Google Scholar

Copyright information

© Springer-Verlag GmbH Austria, ein Teil von Springer Nature 2018

Authors and Affiliations

  • Giuseppe Settanni
    • 1
  • Florian Skopik
    • 1
    Email author
  • Markus Wurzenberger
    • 1
  • Roman Fiedler
    • 1
  1. 1.Center for Digital Safety and SecurityAIT Austrian Institute of TechnologyViennaAustria

Personalised recommendations