Knowledge-based learning models                                             

 WP leader: Vasileios Gkioulos, NTNU

Each qualified BAD pattern is translated into a knowledge representation (linked to attack type and potential consequence) and these representations are used to create knowledge-based learning models. These models shall discover new/alternative BAD patterns from the recorded results from WP3 (event patterns / relations linking cause and consequence), and hence extract additional knowledge, adding dependencies that are missing from the BBN-based models. Such dependencies may come from hidden relations, a particular challenge in the OT part.

Tasks:

• A4.1: Literature study to identify relevant learning methods.
• A4.2: Extract knowledge from each BAD pattern developed in WP3 by translating the BAD pattern into a step-by-step description model using Bayesian Belief Network (BBN) or similar statistical methods.
• A4.3: Extend the models (manually) with 3-5 alternative variations for each step described in A3.1.
• A4.4: Explore alternative variations (exhaustive search) for each step (event) for each BAD pattern. Applicable methods for this may be system and physics based predictive methods, BBN and Petri-nets with process mining.
• A4.5: Extract alternative BAD patterns from the extended models and create a knowledge-based learning model from the BAD pattern set, for detection of new types of threats/attacks.