E LEKTROTEHNIŠKI VESTNIK 91(3): 73-94, 2024

O VERVIEW S CIENTIFIC P APER

A safer future: Leveraging the AI power to improve the

cybersecurity in critical infrastructures

Mojca Volk
Univerza v Ljubljani, Fakulteta za elektrotehniko, Tržaška cesta 25, 1000 Ljubljana, Slovenija
E-pošta: [email protected]

Abstract. In the intricate landscape of the cybersecurity, critical infrastructures represent the most vital systems
underpinning the societal and economic wellbeing, with their disruption or incapacitation having potentially
catastrophic consequences. The increasing complexity, digitalization and interconnectedness of these systems have
rendered them susceptible to a broad spectrum of risks challenging the existing paradigm of the safety and security.
Thus, securing critical infrastructures against the escalating cybersecurity threats has become an essential yet
extremely challenging endeavour. In the light of these considerations, the paper offers a deeper understanding of
the dynamic, adaptive and intelligence-driven approaches in the cyber defence that leverage the AI power, thus
representing a transformative innovation with a potential to redefine the security strategies and frameworks in
critical infrastructures. The cybersecurity threats and vulnerabilities are addressed and the existing and emerging
approaches and best practices in the sector-specific intrusion detection and prevention systems and deception
technology are investigated, followed by an in-depth study of AI applications in the cyber defence. This includes
the current approaches and early best practices complemented by a discussion on advanced topics, such as
explainable and adversarial AI. Finally, guidelines are drafted to inform and provide guidance on the introduction
of the AI applications for the cyber defence purposes in critical infrastructures.

Keywords: Critical infrastructure (CI), cybersecurity, artificial intelligence (AI), deception technology

Varnejša prihodnost: Izboljšava kibernetske varnosti 1 INTRODUCTION

kritičnih infrastruktur s pomočjo umetne inteligence
Kritične infrastrukture predstavljajo v kontekstu kibernetske As the modern world harnesses the benefits of
varnosti vitalne sisteme, ki gradijo temelje družbene in ekonomske digitalization and emerging technologies, nations and
blaginje. Zaradi naraščajoče kompleksnosti, digitalizacije in people are becoming increasingly dependent on a safe
medsebojne povezanosti so ti sistemi vedno bolj dovzetni za širok and resilient operation of critical infrastructures (CI),
spekter tveganj, uspešni kibernetski napadi nanje pa lahko
which in turn have taken over a fundamental and
povzročijo katastrofalne posledice. Posledično je zaščita kritičnih
infrastruktur in njihova odpornost na intenzivno rastoč spekter irreplaceable role in sustaining the functioning of modern
kibernetskih groženj danes bistvenega pomena, obenem pa societies. CIs are the backbone of essential services,
predstavlja vedno bolj kompleksen in večstranski izziv. V luči teh providing the necessary foundation for the economic and
premislekov si ta članek prizadeva vzpostaviti globlje razumevanje social security, public health, and safety of a nation [1].
dinamičnih, prilagodljivih in z inteligenco podprtih pristopov v CIs include physical and virtual systems, assets,
kibernetski obrambi, ki za svoje delovanje izkoriščajo moč umetne
inteligence. Slednja predstavlja transformativno inovacijo s
networks and services, and encompass a diverse range of
pomembnim potencialom za redefinicijo varnostnih strategij v sectors, including energy infrastructures, transportation
kritičnih infrastrukturah. Članek naslovi področje kibernetskih systems (airports, highways, and railways), water supply
tveganj in ranljivosti kritičnih infrastruktur in razišče nove pristope and waste management facilities, communication
in primere iz prakse na področju sektorsko-specifičnih sistemov za systems, healthcare facilities, financial institutions,
zaznavanje in preprečevanje vdorov ter tehnologij zavajanja. emergency services, and defence. The increasing
Podrobno analizira možne aplikacije umetne inteligence v okviru
kibernetske obrambe, vključno z ilustracijo prvih primerov iz complexity, digitalization and interconnectedness have
prakse in diskusijo odprtih raziskovalnih vprašanj, kot sta na primer rendered them susceptible to a broad spectrum of risks,
razložljiva in sovražna umetna inteligenca. Na podlagi challenging the existing paradigm of the safety and
vzpostavljenega razumevanja nato predlaga izhodišča, ki usmerjajo security. Safeguarding the CIs’ resilience and security
in informirajo vpeljavo aplikacij umetne inteligence za kibernetsko has become paramount, making them a prime focus for
obrambo v kritične infrastrukture.
research and innovation.
Ključne besede: Kritična infrastruktura, kibernetska varnost, The cybersecurity emerges as a particularly daunting
umetna inteligenca, tehnologije zavajanja challenge within this context. The progressive

Received 22 April 2024

Accepted 2 June 2024
74 VOLK

digitalization and integration of CIs with the information review of the applicable cyber defence strategies and
systems and emerging technologies create space for an technologies illustrated with known best practices from
ever evolving and increasingly complex landscape of the different CI sectors. Section 4 delves deeper into the
cybersecurity vulnerabilities. The expanse of the attack adoption of AI in the CI cyber defence, focusing on
surface grows with each newly adopted ICT technology, technological aspects and early real-world examples.
such as Industrial Control Systems (ICS), Unmanned Section 5 discusses advanced topics and outstanding
Aerial Vehicles (UAVs), autonomous systems, Internet research challenges. Section 6 details the guidelines
of Things (IoT), as well as the advanced technologies drafted based on the current knowledge and best practices
such as Artificial Intelligence (AI) [1][2]. The cyber to inform and steer CI operators in introducing AI
threats exhibit a diverse range of actors, motivations, and applications for the CI cyber protection purposes. Section
attack vectors. State-sponsored adversaries, criminal 7 draws conclusions of the presented work.
organizations, hacktivists, and even insider threats have
demonstrated their ability to exploit vulnerabilities and 2 CI CYBERSECURITY THREAT LANDSCAPE
launch targeted cybersecurity attacks against networks,
systems, and personnel. The ramifications of the Compared to the cyber attacks observed in the IT
cybersecurity attacks can be far-reaching, ranging from systems, the cyber attacks targeting CIs exhibit certain
data breaches and information theft to disruption of complexities and consequences, likely to be contributed
command-and-control systems, malfunctions of the to the prevailing trend in CI of the converging operational
logistics, manipulation of CI, and even the compromise technology (OT) and traditional information technology
of the national security. Although in place, the traditional (IT) environments (see Figure 1). Such infrastructures,
cyber defence mechanisms are often outpaced by the including power plants, transportation systems and water
agility of the cyber threats that evolve continuously, treatment facilities, rely on specialized systems for their
thereby necessitating a more dynamic, adaptive, and operation, such as Supervisory Control and Data
intelligence-driven approach to safeguard these essential Acquisition (SCADA), Industrial Internet of Things
systems. (IIoT) and ICS systems. These systems merge the legacy
In the light of these considerations, AI presents a and modern technologies to manage physical processes
transformative innovation with a potential to redefine the in the infrastructure, and have not always been designed
security strategies and frameworks for CI. The AI’s with the cybersecurity in mind, making them particularly
ability to analyse large volumes of data at an vulnerable to attacks that could lead not only to data
unprecedented speed enables the identification of the breaches, but also to a physical damage and disruption of
potential cyber threats before they materialize. The essential services [3]. This includes the use of insecure
Machine Learning (ML) algorithms in particular can protocols and interfaces with a lack of encryption and
evolve in response to past incidents and emerging threats insufficient authentication measures, insufficient OT
and provide predictive insights that human operators may network monitoring, absence of the network
not discern. Automation of monitoring and maintenance segmentation, software security issues, such as Windows
operations using AI can significantly diminish the and Linux operating system vulnerabilities, or outdated
likelihood of the human error and oversight and reduce equipment, lack of the access control in real-time OT
the window of opportunity for the cyber attackers to solutions, invisibility of the devices, etc. [1]. Secondly,
exploit vulnerabilities. in addition to the IT-OT convergence, modern CIs are
The paper offers a deeper understanding of the progressively adopting the state of the art and emerging
vulnerabilities and threats CI is exposed to. It technologies, such as mobile communication networks,
summarizes the cybersecurity attack types and provides cloud infrastructure and IIoT, leading to an increased
illustrative examples of major incidents observed in the interconnectedness and exposure of critical services and
past decades. It provides a review of the cyber defence capabilities. As a result, CIs themselves are becoming
technologies, methods, best practices and strategies as increasingly interconnected. This further expands the
observed in different CI types, focusing on sector- attack surface and amplifies the potential for the
specific applications, followed by an in-depth cascading failures and devastating damage. Energy-
investigation of the necessary yet challenging related CIs are specifically illustrative of this
introduction of AI to the cyber defence. It focuses on the vulnerability where a failure of a smart grid can cause
early AI best practices and illustrative examples and outages, failures as well as physical and virtual damage
discusses advanced topics and emerging research in almost all other CIs. Such multi-faceted exposure of
avenues. This knowledge is gathered in order to analyse CIs provides ample opportunities for the attackers to
and establish an understanding of the types of threats the exploit vulnerabilities, particularly in parts of the
CI is exposed to through the adoption of AI, and to draft infrastructure that provide a real-time control and
a guidance for CI operators on mitigation and protection monitoring of CI to maintain its efficiency, stable
possibilities. operation, safety and reliability, thus having the
The remainder of the paper is organized as follows. capability to cause severe damage or disruption of critical
Section 2 discusses the CI cybersecurity landscape and services [2].
the types of cyber attacks on CI. Section 3 provides a
75 SAFER FUTURE: LEVERAGING THE POWER OF AI TO IMPROVE CYBERSECURITY IN CRITICAL INFRASTRUCTURES

IT OT
Asset management Data and digital Operation of physical Legacy systems
SaaS/PaaS/DaaS information processes and specialized External data
Networks equipment SCADA
Internet ICS
Web-based solutions IIoT
Business data Actuators
Cloud infrastructure Embedded technologies

Figure 1. Integration of the IT and OT environments in CI.

In consequence, there is a progressive increase in the their goals and mechanics are summarized in Table 1
number and variety of the cyber attacks on CI, which is [6][7].
highly concerning. Both the number and sophistication of According to the European Union Agency for
the cyber attacks targeting the OT systems in particular Cybersecurity (ENISA), 2022 and 2023 have seen a
are fast advancing [4][5] and each individual CI sector is notable escalation in the cybersecurity attacks on CI, both
continuously challenged by a plethora of emerging in terms of the variety and number of incidents as well as
threats specific to their domain. The technologies and their consequences, with ransomware and Distributed
methods used to execute a cyber attack on CI are diverse Denial of Service (DDoS) attacks representing over 50 %
and multifaceted. The prevailing threats include the IT of all the detected cyber attacks [6]. The Center for
and OT malware that typically exploit network security Strategic and International Studies (CSIS) [8] maintains
vulnerabilities and social engineering to gain access and a report about the significant cybersecurity incidents
propagate through critical control capabilities, advance since 2006 targeting government agencies, defence and
persistent threats (APTs), insider threats, nation-state high-tech companies or inducing economic losses of over
attacks, and ransomware. Ransomware in particular is one million US dollars. A simple statistical analysis of
one of the earliest forms of the cyber attacks, which has the reported incidents confirms the concerning growth in
been closely followed by malware. Both types of the the number of the cyber attacks on CI (see Figure 2).
cyber attacks have been observed for decades and
through time, the attack methods and mechanics have
Number of significant cybersecurity incidents

140
steadily progressed in terms of invasiveness,
evasiveness, and sophistication. The APT attacks are 120

specifically concerning in the context of CI. They are 100

prevailingly nation-state sponsored and target the data 80

theft and tampering the control and management

60
capabilities, particularly in the energy CI. A general trend
can be observed about a typical progression of such an 40

APT attack, i.e. the cyber kill chain process that involves 20

an initial attack to gain access to CI through phishing, 0

insider attack or supply chain attack, followed by a
2006

2009

2012

2014

2017
2007

2008

2010

2016

2018

2019

2020

2021

2022

2023
2011

2013

2015

Year
deployment of malware to implement sabotage actions,
and finally data exfiltration. Types of the attackers and
their incentives include cybercrime groups interested in Figure 2. Number of the significant cybersecurity incidents
financial gains, state-sponsored groups pursuing since 2006 [8].
espionage and disruption fuelled by geo-political events,
and hacktivists. The most common types of the attacks,
76 VOLK

Table 1: Types of cyber attacks, their mechanics and goals A detailed threat landscape analysis reveals that a
significant number of the cybersecurity incidents are
Attack reported across a variety of the CI sectors, including
Mechanics and goals
type
government infrastructures, defence, healthcare,
A cybersecurity attack where the attackers take
control of the target’s assets (e.g. encryption of the communications, energy, banking and finance, and
Ransomware transport, with all types of attacks represented. Two very
files containing sensitive data) and demand a ransom
in exchange for the return of the asset’s availability. relevant resources in this respect are MITRE ATT&CK
A cyber attack that involves the use of a malicious for ICS framework that serves as a live online common
software or firmware designed to damage, disrupt or
gain an unauthorized access to the systems that will industry lexicon managed by the MITRE Corporation
Malware have an adverse impact on the integrity, that documents the tactics and techniques of attacks on
confidentiality, or availability. Also known as a the OT systems through eleven categories [9], and the
malicious code and malicious logic. Examples recently released NSA Elitewolf, a Github repository
include viruses, trojan horses, worms and spyware.
Malicious activities that attempt to exploit the human
containing various ICS/SCADA/OT focused signatures
error or human behaviour with the objective of and analytics made available for the IC operators to
gaining access to information or services. It relies on identify and detect a potentially malicious cyber activity
various forms of manipulation, including phishing, in their OT environments [10]. Following a simple
Social
pretexting, baiting and scareware, with the goal to
engineering
trick victims into making mistakes, handing over
keyword search applied to the report provided by CSIS
sensitive information, visiting websites, granting [8], the volume of the reported attacks per a specific CI
access to systems or services, or perform other types sector is presented in Figure 3, where the majority of the
of actions that compromise the security. reported incidents target government infrastructures and
Malicious activities aimed at stealing, altering or
destroying digital information classified as sensitive,
services, followed by defence and energy sectors.
confidential or protected. The attacks can be Interestingly, compared to the statistics reported in [1],
classified in two basic groups, i.e. the data breach the government-related CIs have only recently emerged
where the attempt is to deliberately gain an as a major target, which can be attributed to the current
authorized access and release data, and data leak
Threats
where the attempt is to cause events, such as a human
worldwide and regional geopolitical tensions.
against data
error or misconfiguration that can consequently
cause an unintentional loss or exposure of data. The
primary consequences of such attacks include 120
privacy breaches, financial losses and damage to
reputation. Man-in-the-middle attacks fall within this
category. 100
A well-known and prevailing type of cyber attacks
attempting to compromise the availability of
Distributed 80
systems, services, data or other resources, by
Denial of
exhausting the resources or overloading the
Service
components of the network infrastructure. Attackers 60
(DDoS)
typically use a network of hijacked resources to
launch the assault.
Intentional or unintentional disruption causing 40
Internet outages, blackouts and shutdowns of
censorship. This can happen because of government-
20
Threats directed shutdowns, massive natural events such as
against earthquakes or cyclones, as well as incidents such as
availability power outages, cyber attacks, technical failures, or 0
military actions. The frequency and diversification of
Financial
Government

Healthcare

Transport
Energy

Emergency
Defence

Communications

the threats continues to proliferate, resulting in a

significant monetary loss to national economies. CI sector
Cyber attacks where a false or misleading
information is deliberately spread or a genuine
information is altered to deceive, mislead, or
influence individuals or systems. This can involve an
altering digital content, creating fake news, or
Information manipulating the data to compromise decision-
Figure 3. Number of the significant cybersecurity incidents
manipulation making processes, public opinion, or the integrity of
the information systems. The attacks rely mostly on since 2006 [8].
non-illegal behaviours that can cause potentially
negative impacts on values, procedures or political Some of the most well-known incidents attacking
processes. False data injection is one type of the energy infrastructures were the 2021 Colonial Pipeline
attack of this group.
Targets less-secure elements in the supply network
ransomware attack [11], causing a significant financial
to compromise the final product or organization. By loss and public distress, and the Ukraine Power Grid
Supply chain infiltrating a trusted vendor or component, attackers Attacks in 2015 and 2016 using BlackEnergy 3 malware
attack exploit these relationships to distribute malware or that led to disruptions to the Ukrainian power grids,
gain an unauthorized access to sensitive systems and
data
causing widespread energy outages [12]. Two other
notorious incidents are the 2010 Stuxnet attack on the
77 SAFER FUTURE: LEVERAGING THE POWER OF AI TO IMPROVE CYBERSECURITY IN CRITICAL INFRASTRUCTURES

Iranian nuclear facilities, a highly sophisticated malware representative of the entire volume of cyber attacks on
attack that was believed to have targeted the uranium CI, partially due to the exclusion of smaller-scale
enrichment infrastructure and was suspected to be incidents and due to the scarcity of incident reports for
nation-state sponsored [13], and the 2020 SolarWinds the security and privacy reasons, in particular in the most
supply chain attack where a malicious software was devastating or security-sensitive cases.
installed on a major software upgrade, resulting in more The illustrated threats against CI and escalating
than 18.000 affected businesses [4]. Table 2 provides a cybersecurity concerns in general necessitate a
review of the prevailing types of the cyber attacks specialized approach with a comprehensive visibility of
encountered in specific types of CI with other examples the entire infrastructure and more sophisticated cyber
of real-world incidents. The timeline of the incidents is defence mechanisms to effectively prioritize and manage
presented in Figure 4. It must be noted, however, that the the known and suspected vulnerabilities, as discussed in
provided statistics and the selected examples are not the next section.

Table 2: The prevailing types of the cyber attacks on CI with examples of the well-known attack incidents

CI attack type and target Examples

Stuxnet [13] – changes the control configuration/capabilities by exploiting OS
vulnerabilities to affect the PLC operation. It was used in the 2010 attack on
the Iranian nuclear infrastructure.
Havex [14] – exploits through remote access capabilities or compromised
supply chain by compromising the installation SW to gain access to and report
OT MALWARE information about specific servers in the OT system.
Malware specifically designed to target the OT systems to Industroyer (Crashoverried) [15] – targets industrial control protocols to
gain control of management functions, reconfiguration of directly control switching and circuit devices, wipe data and execute DoS on
control capabilities, execution of DoS or data theft/exposure specific devices. Used in the 2016 (Industroyer) and 2022 (Industroyer 2)
in an OT system. attacks on the Ukrainian power system.
TRITON [16] – accesses and reprograms safety instrumented system
controllers causing the controller to enter a failed safe state, automatically
shutting down the industrial process.
BlackEnergy [5] – exploits the MS Office and remote access vulnerabilities.
Used in the 2016 Ukrainian power grid attack.
ADVANCED PERSISTENT THREAT (APT) SolarWinds Orion APT [17] – an APT attack in 2020 exploiting a supply chain
A sophisticated attack campaign in which the intruder attack by infiltrating a malicious code into a network monitoring and
establishes a long-term presence within the system. The configuration management software suite to install a backdoor into the system,
initial infection vector exploits a compromised supply chain followed by privilege escalation and user impersonation to penetrate further
and/or social engineering attacks, possibly combined with into the system and perform different types of attacks and compromises.
other decoy tactics, such as DDoS, to install malware A41APT [18] – an ATP attack exploiting the SSL-VPN vulnerabilities and
enabling a remote access. This is followed by an expansion installing malware (SodaMaster, P8RAT and FYAnti) to deploy a remote
to critical parts of the system causing an illicit access to the management tool. Used to target multiple industries, including for example the
sensitive data or even malfunctions, and finally extraction Japanese manufacturing industry in 2010.
when sensitive data is exported from the system using again
a range of distraction tactics, e.g. a DDoS.
Stradis Healthcare [19] – during the COVID-19 pandemic in 2020, a former
employee accessed the company shipping system and deleted shipping data,
INSIDER THREAT causing delays in the delivery of the personal protective equipment.
Malicious actions taken by individuals within an organization Pegasus Airlines [20] – personally identifiable information exposed in 2022 as
that can compromise the CI availability and security. Insider a result of a cloud misconfiguration by a system administrator.
threats can either be accidental or intentional. South Georgia Medical Center [21] – patient test results, names, and birth dates
were leaked in 2021 by a former employee who used a USB stick to download
the exposed data.
NATION-STATE ATTACK Russian cyberattack on Ukraine [22] in Feb. 2022 caused disruptions to
A cyber attack carried out by a state-sponsored actor against broadband satellite internet access services by disabling modems that provided
another government or a private organization, the goal of communication via Viasat Inc's KA-SAT satellite network. Malware AcidRain
which is espionage, disruption, destruction or political was believed to be used and a probable goal was to disrupt Ukrainian command
message. It exploits a variety of methods, such as phishing, and control during the invasion.
DDoS, malware and ransomware.
Colonial pipeline attack [23][21] – used DarkSide RaaS and caused a shortage
of the gas supply for customers by compromising the management computer
RANSOMWARE system through compromised credentials for a legacy VPN.
An attack using a custom platform-specific SW designed to JBS USA [21]– was based on REvil RaaS and caused a shutdown of beef
encrypt, lock or exfiltrate data. Most ransomware attacks use manufacturing operations in 2021.
e-mails as the delivery method and target PCs/workstations Maersk [21] – was attacked in 2017 using NotPetya malware, which exploited
and exploit vulnerabilities of Windows OS. Supply chain the EternalBlue Windows vulnerability and spread via backdoor in MeDoc SW,
ransomware is a specific subgroup of attacks where and locked the system used to operate shipping terminals all over the world.
ransomware is distributed through trusted SW distribution WannaCry attack on NHS [24] – carried out in 2017 by exploiting a Microsoft
methods (e.g. SW updates). security vulnerability on PCs, leading to a network closure and blockage of
essential services in NHS, including e.g., ambulance handover process, transfer
of CT/MR scans and chemo orders, etc.
78 VOLK

MAERSK STRADIS PEGASUS NATO

Transport and logistics HEALTHCARE AIRLINES Communications
Ransomware Healthcare Transport DDoS
2017 (Denmark) Insider threat Insider threat 2023 (Turkey)
2020 (USA) 2022 (USA)

STUXNET BLACKENERGY NHS SOLARWINDS ACIDRAIN EUROPEAN

Nuclear infrastructure Power grid Healthcare IT Communications INVESTMENT BANK
OT Malware
OT Malware Ransomware APT (supply chain) Nation state Finance
2010 (Iran) 2015 (Ukraine) 2017 (UK) 2020 (USA) 2022 (Ukraine) DDoS
2023 (EU)
2010 2015 2016 2017 2020 2021 2022 2023 2024

A41APT INDUSTROYER TRITON JBS DUTCH MILITARY

Manufacturing Power system Petrochemical industry Food industry Defence
APT OT Malware OT Malware Ransomware Malware
2010 (Japan) 2016 (Ukraine) 2017 (Saudi Arabia) 2021 (Brazil) 2023 (The Netherlands)

COLONIAL PIPELINE KYIVSTAR

Oil system Communications
Ransomware APT
2021 (USA) 2023 (Poland)

Figure 4. Timeline of major cyber incidents targeting CI.

3 CYBER DEFENCE STRATEGIES AND attack vectors and targets. It comprises also a risk
assessment to identify vulnerabilities and prioritize the
TECHNOLOGIES IN CI threats, with a focus on critical assets that if compromised
The complexity and persistence of the CI cyber threats would have a most significant impact on the public safety
has recently led to establishment of multi-layered and and services.
integrated cyber defence strategies that focus on The second stage focuses on the prevention of an
resilience of the infrastructure and services by combining attack by securing the infrastructure from external cyber
a multitude of complementary approaches and attacks in order to avoid the occurrence of any damage or
technologies. Cybersecurity advisory organizations, such loss. The prevention is focused on the measures directly
as the US National Institute of Standards and Technology blocking a cyber attack or creating conditions that install
(NIST) and Cybersecurity and Infrastructure Security limits or prevent the attack from succeeding, e.g.,
Agency (CISA), as well as evidence from the best securing the infrastructure (firewalls, antivirus and anti-
practices encourage the use of proactive and adaptive malware SW, encryption etc.), training employees, and
approaches relying on a real-time detection and implementing robust security policies and procedures.
assessment, continuous monitoring and intelligence- This entails implementation of robust cybersecurity
driven analysis to identify, detect, protect against, frameworks designed for IT and specific OT
respond and profile specific cyber attacks. In this respect, environments [5], such as the IEC 62443 series and NIST
a combination of passive and active cybersecurity SP 800-82 for securing the ICS and OT systems,
measures should be considered when establishing a including the network security, access control, and
trusted and robust security system able to protect the CI, incident response, ISO/IEC 27001 for information
crucial data, and the user privacy, and specialized security management systems (ISMS), including the OT
deception technology should be employed. protection guidelines, ENISA OT Cybersecurity
Recommendations, including threat intelligence,
3.1 Adaptive CI cybersecurity strategy network security, and incident response, and sector-
Figure 5 depicts the stages of an adaptive specific regulation, e.g., NERC CIP standards for the
cybersecurity strategy in reference to the timing of a energy sector, as well as adherence to industry standards
cybersecurity incident. The respective aims and methods to establish and enforce guidelines and best practices
of individual stages, and typical systems and tools designed to protect information systems against cyber
implementing them are the following [25][26]. threats. This stage incudes implementation of a supply
The first stage, prediction, identifies the most probable chain security to prevent infiltration through third parties,
cyber attacks, targets and attack methods in advance, i.e., robust backup and redundancy strategies ensuring that all
before the incident occurs, becomes apparent or causes critical data and systems can be quickly restored in the
negative effects. Prediction relies on trend analysis, event of a cyber incident, minimizing the downtime and
threat intelligence and historical data to predict probable operational impact, and adoption of the Zero Trust
79 SAFER FUTURE: LEVERAGING THE POWER OF AI TO IMPROVE CYBERSECURITY IN CRITICAL INFRASTRUCTURES

Architecture to minimize internal and external risks by establish a timely awareness and initiate appropriate
adopting approaches, such as the least-privileged access, response procedures. It entails implementation of
micro-segmentation and continuous monitoring of the continuous monitoring and layered defence capacities for
network activity, to prevent an unauthorized access and a fast anomaly detection, monitoring of suspicious
data breaches as well as to limit and a contain cross- activities, thus providing a timely awareness of potential
contamination, in particular from the IT to the OT parts issues and mitigation of any potential incidents. This
of the infrastructure. The development and maintenance includes combinations of several different
of an incident response and recovery plan is also part of complementary approaches and techniques, including
the prevention stage, specifying procedures for intrusion detection systems (IDS), security information
responding to the cybersecurity incidents (roles and and event management (SIEM) systems, and anomaly
responsibilities, communication plans, recovery detection tools, as well as other advanced active threat
procedures for systems and services restoration after an intelligence and cyber protection technologies, such as
incident). Regular red teaming exercises and penetration intrusion protection systems (IPS) and research and
testing should also take place to simulate the cyber operational honeypots.
attacks and test the effectiveness of the adopted security Finally, the fourth stage implements a response and
measures in a controlled environment. The last but not recovery. It relies on the incident response techniques,
the least, this stage entails establishment of the training methods and solutions designed to take specific actions
and awareness programmes for employees and in an attempt to contain an ongoing cyber attack and
collaboration capabilities with government agencies for mitigate and manage its consequences. The response can
threat intelligence sharing and coordinated responses to be focused on the threat eradication, system recovery to
threats. a normal operation, and forensic analysis for learning and
The third stage takes place after an incident future security strengthening purposes.
occurrence. It focuses on identification of an ongoing
attack that can no longer be prevented in order to

Figure 5. Stages of the adaptive cybersecurity.

antimalware software, encryption, and intrusion

3.2 Cyber defence technologies detection systems (IDS) [27][28]. However, the passive
Today, there is a broad range of approaches and methods are becoming increasingly inefficient against
dedicated technologies available for the detection, sophisticated and adaptive cyber attacks, where more
monitoring, profiling and behavioural analytics of cyber proactive and dynamic defence approaches are required.
attacks as well as deterrence and active engagement with Thus, the emerging strategies are increasingly leveraging
the threat itself. They can be broadly categorized as the capabilities of active and dynamic actions to detect,
passive and active cybersecurity measures. The passive respond to and mitigate threats through a direct hands-on
measures, largely found in the traditional approaches, interaction with the threat as it occurs. This includes
comprise a set of the security practices, tools, and intrusion prevention systems (IPS), red team exercises
technologies that are reactive by nature, work in the and penetration testing, ethical hacking, incident
background or are part of a layered defence strategy and response teams and comprehensive threat hunting
operate without a direct intervention during an attack. activities such as the Cyber Kill Chain and MITRE
They include firewall configurations, antivirus and ATT&CK framework [27][28][29].
80 VOLK

The IDS and IPS systems, collectively referred to as more accurate detection [36]. There are two specific
IDPS, serve as the first line of the defence against a wide groups of the honeypots. The research honeypots are
range of cyber threats, including external hacking implemented in an isolated manner and separately from
attempts and insider threats, providing capabilities to actual CI, deliberately exposing interesting systems,
identify and mitigate potential security threats before services and capabilities and thus setting traps for cyber
they can impact the system integrity and functionality. attackers in order to observe the attack characteristics and
The IDS systems monitor the infrastructure for malicious collect data, which is used for a detailed analysis,
activities and policy violations, raising alerts whenever a profiling and planning of further defence measures. The
known threat or a suspicious activity potentially production or in-network honeypots, on the other hand,
indicating a new type of attack is detected or whenever enhance security procedures in an actual infrastructure
an unauthorized activity deviates from the established [36]. They are embedded directly inside CI that is being
policies. They are categorised as the network-based IDS protected and serve as active decoys, luring the attackers
when designed for monitoring an incoming network, and away from the actual resources, thus providing a real-
host-based IDS when focused on individual device time protection as well as intelligence collection for the
monitoring, and as signature-based IDS when relying on analysis and profiling purposes [37]. Honeypots can also
predefined patterns of the known threats to identify be categorized as low-interaction, medium-interaction, or
attacks, anomaly-based IDS when ML and statistical high-interaction honeypots, depending on the scope and
modelling are used to identify deviations from a normal complexity of their design and their capabilities to
behaviour, and specification-based IDS combining the interact with and adapt to the attacker activities in real-
benefits of the signature and anomaly-based IDS time [5][36]. The current research is focused on the
approaches by manually specifying the behavioural development of the sector-specific honeypots for
characteristics of an attack [3][30]. The IPS systems specialized systems, such as IIoT, ICS and CPS [38],
further extend the IDS detection capabilities by taking complemented with advanced cyber intelligence tools
predefined actions in real-time to prevent the exploitation capable of delivering actionable insights and decision
of vulnerabilities. This includes actions to report, block, support while minimizing the cognitive burden imposed
suspend or reset suspected malicious activities, e.g., on its users, e.g. tailored visualizations, cyber attack
termination of malicious processes, blocking of modelling with behavioural analytics, and deep learning
suspicious IP addresses and rerouting the malicious techniques [37][39]. The interconnectedness of the OT
traffic, or modifying the firewall rules to enhance the and IT systems in CI allows for exploitation of a broad
security posture. The measures installed by IDPS can range of the available general IT-oriented honeypots,
collectively help identify vulnerabilities and proactively such as Dionaea [40] for the attack and malware
tackle ongoing attacks in real-time, and provide the detection, SSH/Telnet honeypot Cowrie [41], and
capabilities and assets for detection, mitigation, Honeytrap solution [42][43]. Research on the honeypots
monitoring and management of the cybersecurity specialized for specific CIs is also underway, but on a
incidents. There are numerous implementations and much smaller scale. Moreover, a detailed review of the
extensive research is underway on the IDPS capabilities available literature reveals that the vast majority of the
and technologies for different types of CI, in particular in reported CI honeypot experiments is conducted on the
the smart energy and more generally in the IIoT and ICS public Internet infrastructure or within university
sectors. Some selected examples include an IDS for research environments, whereas only a small portion
autonomous distributed IoT systems [31], a ML-based takes place in actual CIs or simulation environment
IPS for unmanned aircraft systems [32], and a distributed thereof. Examples of the specialized sector-specific
IDS for the SCADA systems in smart grids [33]. honeypots for CIs along with the available evidence
The deception technology, i.e. honeypots, honeynets about practical experiments for particular vertical sectors
and other forms of digital decoys, introduces an are presented in Table 3. The collected examples are
additional layer of defence in a dynamic and adaptive primarily in the smart energy, water management and
security environment [5]. In general, the cyber deception smart factory domains, whereas the application of the
protects networks by creating uncertainties and honeypots in other sectors is either less extensively
complexities for the attackers, thus increasing the costs addressed or predominately concerned with the IoT
and risks associated with their activities. The scientific cybersecurity on the device level, e.g. of medical devices
basis for these technologies is their ability to mimic real in healthcare or of autonomous vehicles in transportation.
systems designed to mislead the attackers into engaging The integration of the passive and active cyber
with the decoys, thereby revealing their presence and defence measures and deception technology creates
providing an opportunity to observe their tactics and dynamic and adaptive cybersecurity capabilities and is
intentions without compromising the actual resources representative of a synergistic approach installing a
[34][35]. A honeypot is a technology that complements comprehensive and effective cybersecurity strategy.
and expands the field of operation of the IDPS systems However, CIs continue to be particularly exposed and
to improve the detection of the zero-day attacks in impacted by the increasing scale and progressive
signature-based IDS/IPS systems, and to support the sophistication of cyber attacks. Thus, further advances
operation of the anomaly-based IDPS systems towards a are required towards an even more dynamic, intelligent,
81 SAFER FUTURE: LEVERAGING THE POWER OF AI TO IMPROVE CYBERSECURITY IN CRITICAL INFRASTRUCTURES

and potentially more resilient approach to the CI security. 4 AI APPLICATIONS IN CI CYBERSECURITY

To do so, the emerging strategies are increasingly
leveraging the capabilities of AI, which has found several The integration of AI into the cybersecurity protocols
applications to predict, identify, and neutralize the represents a paradigm shift from a static defence to a
cybersecurity threats and provide a new level of threat dynamic, intelligent, and potentially more resilient
intelligence [65]. The opportunities and challenges of approach to securing CIs. AI, and ML in particular,
introducing AI into the CI cyber defence are addressed in provide capabilities for recognizing patterns and
more detail in the next section. predicting future events based on a prior experience,
thereby preventing or detecting and even responding to
potentially malicious activities [25]. At present, the ML
Table 3: Review of the specialized sector-specific honeypots in algorithms are commonly used for intrusion detection,
CIs classification, prediction and prevention, automated
incident response, malware detection and analysis,
Mimicked Demonstrated
Honeypot anomaly detection, zero-day attack prediction, as well as
systems/services sector/CI
ICS/SCADA systems Amazon AWS [44] for advanced analytics and other intelligent applications
simulation incl. ICS Smart grid [45] in the threat intelligence that operate based on extraction
protocols and Scheider Electric of insights from the cybersecurity data [25][34][66][67].
Conpot [5]
ICS/SCADA PLCs PowerLogic ION6200
(basic and
(e.g., Siemens S7-200 smart meter [46]
According to NIST, AI has been recently recognized
extended as a major enabler in all stages of the cybersecurity, i.e.
PLC) Siemens S7-200 PLC
versions)
simulation in an identification, protection, detection, reaction and defence
electric power plant against cyber attacks. A summary of the possible uses
[47]
ICS/SCADA systems Smart energy systems
and applications of AI/ML in different cybersecurity
IEC104 (electric power stages is provided in Table 4 [34][67]. We hereafter focus
honeypot [36] installations, power more thoroughly on the adoption of AI in the cyber
grids) defence mechanisms of IDPS and deception technologies
DiPot [48] ICS systems ICS systems generally as well as complementary capabilities in the detection
ICS systems; support Amazon AWS, PLC and response operations, such as predictive intelligence.
HoneyPLC [49] for a wide range of PLC systems generally
models and suppliers However, AI is expected to empower all stages of the
HoneyVP [50] ICS systems ICS systems generally cyber protection in the technological, managerial and
SCADA CPS honeynet Smart energy system procedural aspects, including the AI-based security by
GridPot [51]
framework [52] design and micro-segmentation, automated AI-based
ICS systems (S7-300 ICS systems generally vulnerability identification and assessment, AI-assisted
CryPLH [53]
Siemens PLC)
penetration testing, AI-based cybersecurity infrastructure
CPS honeypot (generic ICS systems generally
HoneyPhy [54] analogue thermostat investments optimization, in-depth AI forensics, etc.
and the DNP3 protocol) [65].
iHoney [55] ICS infrastructure Water treatment plant
PLC honeypot ICS systems generally
XPOT [56] Table 4: AI applications in the adaptive cybersecurity
(Siemens S7 314C-2)
TrendMicro[57] ICS honeypots Factory environment
CPS honeypot (incl. Industry 4.0 factory Stage AI/ML applications (examples)
Cyber CNI [58] PLC, SCADA, HW emulation Prediction of new attack vectors based on
devices) identification of trends, anomalies and potential
PREDICT
Veeder Root Guardian Gas pipelined new threats, and behaviour analytics, using
GasPot [59] AST simulation (tank infrastructure historic and current datasets from various sources
gauge) Identification and blocking of potentially
Electric power Power systems malicious activities, automation of security
SHaPe [60] substation IED measures and configurations, e.g. through using
PREVENT
simulation automated network security policy management
ICS honeypots Water treatment tools, advanced antivirus software, and adaptive
Wilhoit [61] mimicking water infrastructure authentication systems
pressure station Enhancements of traditional (signature-based)
ICS plant simulation Water treatment detection capabilities through pattern recognition
DETECT
(water tanks, sensors, infrastructure indicative of threats, e.g., zero-day attacks and
Murillo [62] sophisticated malware
actuators, and PLC
devices) Automated incident analysis for threat
RESPOND &
ICS components and Water distribution prioritisation and future response optimizations
RECOVER
MimePot [63] control processes PoC implementation Advanced forensics
simulation
ICS industrial ICS systems generally
NeuralPot [64] environment 4.1 AI learning approaches
simulation
In its broadest sense, AI can be referred to as a
computer system with a human-like intelligence, the
capabilities of which include the ability to reason, learn,
82 VOLK

solve problems, self-correct, and interpret the natural even explicit requests from the infrastructure operators,
language [30][66]. Herein, the ML technologies associated with sensitive nature of such data [132].
represent algorithms that have the ability of making Moreover, some CIs are subjected to further sector-
decisions or predictions by learning from data instead of specific challenges associated with the data availability.
being explicitly programmed, by automatically creating In defence, for example, rare or even hypothetical events,
analytical models in the concrete domain of application or out-of-bounds inputs are features rather than dataset
[25]. Depending on the learning type, the ML approaches anomalies [133]. Also, some applications require highly
can be classified into supervised learning, unsupervised varied scenarios with all possible combinations of
learning, deep learning (DL), generative learning, and attributes that cannot be realistically captured in the
reinforcement learning, as well as combinations thereof, original data, i.e. in an AI-assisted UAV-based visual
i.e. semi-supervised learning that combines supervised reconnaissance application that cannot take place in all
classification and unsupervised clustering methods, possible environments and flight conditions. To
transfer learning where a pre-trained model is applied to overcome the dataset scarcity problem, the few-shot
a new classification task of a related problem, federated learning approach is an emerging direction where a few
learning that takes place across several independent malicious samples, such as zero-day attacks, are
decentralised datasets, and ensemble learning that collected in realistic settings [69]. Another approach is
combines multiple learning algorithms either the use of synthetic datasets in place of real-world
sequentially or in parallel for improving the resulting datasets [134][135]. It allows to generate highly diverse
predictive performance. Presently, the supervised or even novel datasets, fine grain control of data
learning is the most frequently used approach in the attributes, and automatic annotation or data labelling
cybersecurity applications. However, it suffers from two where necessary, which is particularly appropriate for
significant drawbacks. Firstly, the traditional supervised CIs that require training datasets comprising unusual or
learning is capable of identifying only pre-defined rare events, or a broad variety of possible scenarios. The
features or parameters [3]. In response, other ML scarcity of high-quality datasets is further exacerbated
approaches are currently considered to overcome the also by the fact that the current AI practice predominately
feature extraction issues. DL, for example, has the ability relies on isolated uses of individual datasets, which in
to directly train on the original data without feature addition to the availability issues stems from the poor
extraction and as a result it is able to detect nonlinear understanding of the relationships between individual
relationships, and is therefore specifically useful for the datasets. The research shows that the same limited choice
detection of the previously unknown attacks on CI [3]. of the available datasets have been used in numerous
Secondly, the supervised learning requires annotated studies on the cyber attack detection mechanisms [65],
training datasets, which must be recent, representative, i.e., datasets DARPA'98 [137], KDD'99 [138], NSL-
high-quality and containing relevant features. Thus, a KDD [139], and CIC-IDS2017 [140]. The AI training
choice of the model depends on the learning properties, approaches based on a successful fusion of multiple
quality of the available cybersecurity data and on the datasets are thus an emerging research topic. Some of the
effectiveness of the learning algorithm. Studies of the well-known and used cybersecurity datasets relevant in
AI/ML-based intrusion detection solutions for the IoT the context of CI are summarized in Table 5.
and CPS systems [67][116][117][118] for example
demonstrate varied levels of the effectiveness in using 4.3 AI applications in cyber defence
different models, i.e., decision trees, random forests and AI has many applications in IDPS, deception
K-Nearest Neighbours perform well, while deep technologies and incident response systems. In IDSP, the
learning, MLP, Naïve Bayes and Logistic Regression signature-based systems suffer from their inability to
show a lower performance, and expectedly fusion detect new attacks [69]. For example, sophisticated
methods outperform the basic classifier models. Thus, malware uses concealment techniques to reprogram itself
each particular AI/ML application requires targeted after each consecutive attack iteration, thus successfully
studies and careful selection of the most appropriate preventing the detection based on the attack signature
model. [67]. This shortcoming is overcome in the anomaly-based
IDPS that has capabilities to detect new types of attacks,
but the approach consequently suffers from false
4.2 AI training datasets
positives, i.e. normal traffic patterns wrongly recognized
The availability, quality and recency of the training as deviations [70]. To overcome these challenges, AI
datasets is a crucial challenge in the AI/ML-based cyber enhances the network-based IDPS systems with
defence [65]. A closer examination shows that most of advanced capabilities for an automated and intelligence-
the available datasets are outdated and thus unable to driven detection of novel threats and further reduction of
support the AI algorithms in establishing understanding false alarms resulting from misclassification of a normal
of the most recent cyber attack patterns [131]. Also, the behaviour [66][67]. A range of the AI-based capabilities
sufficiently broad real-world cybersecurity datasets for is applied for different purposes, such as anomaly
CIs are scarce, which is partially due to the privacy, detection by analysing traffic patterns and payloads,
regulatory and legal limitations, e.g., in healthcare, or detection of encrypted threats by analysing flow
83 SAFER FUTURE: LEVERAGING THE POWER OF AI TO IMPROVE CYBERSECURITY IN CRITICAL INFRASTRUCTURES

properties, outlier detection by means of unsupervised 2.2.17 and PHP 5.3.5, FTP, SSH, MySQL 14.14,
clustering, etc. In the host-based IDPS, ML is used e.g., and TikiWiki software. It includes traces of
network attacks: Hydra-FTP, Hydra-SSH,
for malware classification and detection of malicious Adduser, Java-Meterpreter, Meter-preter,
system state changes. AI is used in IDPS also for Webshell.
response and containment purposes, e.g., to adaptively A large IoT data set containing various attack
modify policies in real time in order to block malicious types, including DDoS, DoS and service scanning.
Bot-IoT
The included types of the IoT devices are weather
traffic, prioritize and contain host endpoint attacks, or Dataset 2018
station, intelligent refrigerator, lamps with motion
even apply an adaptive system-wide response with [150]
sensors, remote garage doors, and intelligent
successive strategy refinements after each iteration [71]. thermostat.
Such strategies are particularly beneficial in response to A datatset containing 20 malware captures
IoT-23 [151] executed in IoT devices, and 3 captures for benign
zero-day attacks where an adaptive response is crucial. IoT devices traffic.

Table 5: Some of the well-known cybersecurity datasets The analysis of examples of AI-based IDS for CIs
reveals a varied use of the ML learning approaches, as
Dataset Characteristics summarized in Table 6. The predominant category of ML
The 1998 DARPA Intrusion Detection Evaluation applications in IDS falls within the scope of the
Dataset consisting of an off-line evaluation using
network traffic and audit logs collected on a
supervised learning approaches. Examples of the use of
DARPA'98 the ML classification applications include e.g., IDS for
simulation network, and of real-time evaluation
[137]
that took place in the AFRL network test bed advanced metering infrastructure in smart grids using a
identifying attack sessions in real time during decision tree for anomaly detection [72], Android
normal activities.
malware detection in the context of IoT using support
Most widely used dataset with 41 features
attributes and class identification. It distinguishes vector machine classification [73], anomaly-based IDS
KDD’99 Cup
between four categories of attacks: DoS, remote- using a lightweight logic regression model for network
[138]
to-local (R2L) intrusions, user-to-remote (U2R) security improvement and reduction of the human
intrusions, and PROB and conventional data.
involvement in the botnet detection [74], IDS for a gas
NSL-KDD Updated KDD’99 Cup with removed redundant
[139] records to avoid skew. pipeline infrastructure using K-Nearest Neighbour [75],
CAIDA’07 A 2007 dataset with anonymized traces of the and application of fuzzy logic, neural networks, and
[141] recorded DDoS attack traffic. support vector machines to improve the false-alarm
A dataset containing network traffic generated in problem and detection of different attack types, such as
ISCX’12 [142] a real-world physical test environment, containing
centralized botnets.
DDoS [76]. Examples of ensemble learning applications
A botnet traffic dataset containing 13 separate include network-based IDS with a network intrusion
CTU-13 [143] malware captures, including botnet, normal, and prediction based on random forest and support vector
background traffic. machine using multiple decision trees [77], a random-
A dataset containing 49 features and roughly forest based man-in-the-middle attack detection for
UNSW-NB15
257.700 records, which represent 9 different
[144] SCADA IoT systems [78], and IDS for IoT platform
forms of attacks, including DoS.
An intrusion detection evaluation dataset integration using a combination of a random forest and a
containing benign and most common attacks, and neural network [79]. Network-based intrusion detection
CIC-IDS2017 the results of a network traffic analysis with using an association rule-mining approach [80] and
[140] labelled flows based on the time stamp, source,
and destination IPs, source and destination ports, belief-rule-based association rule with the ability to
protocols and attack. handle the various types of uncertainties in IoT
A dataset containing common DDoS attacks. It environments [81] are examples of the rule-based
CIC- includes also the results of the network traffic applications. A more recent category of AI-assisted IDS
DDoS2019 analysis with labelled flows (time stamp, source,
[145] and destination IPs, source and destination ports, utilizes deep learning. The examples include SCADA
protocols and attack). IDS using a Genetically Seeded Flora feature
A dataset containing an hour of traffic that optimization technique merged with Transformer Neural
UNSW-NB15 represents 9 types of the major attacks – fazer, Network [82], an optimized Back-Propagation Neural
2015 [146] shellcode, backdoor, DoS, exploit, generic,
reconnaissance, analysis, worm.
Network for SCADA intrusion detection in water
A comprehensive dataset comprising various treatment systems [83] intrusion detection in CPS using
CSE-CIC-
classes of attacks. Six attack scenarios were used: a LSTM-based recurrent neural network [84], a smart
bruteforce (dictionary password matching), grid IDS solution using an Autoencoder-Generative
IDS2018 [147]
heartbleed (SSL/TLS vulnerability), botnet, DoS,
DDoS, WEB application attack.
Adversarial Network for attack detection [85],
A dataset prepared with a SCADA system, identification of cyber attacks in IIoT using recurrent
WUSTL-IIOT- neural networks and artificial neural networks [86], and
emulating real-world industrial systems, and
2018 ICS
focusing on reconnaissance attacks (port scanner, IDS using CNN for detection of man-in-the-middle
SCADA cyber
address scan attack, device identification attack, attacks on military-grade Robot Operating System [87].
security
device identification attack – aggressive mode,
dataset [148] In the generative learning category, IDS solutions using
exploit).
ADFA 2013 A dataset intended for IDS evaluation, containing auto-encored based approaches are available for malware
[149] server traffic for Ubuntu Linux 11.04 with Apache and intrusion detection [88][89], and intrusion detection
84 VOLK

based on deep belief networks [90]. Semi-supervised concealment purposes and increased engagement [101]
learning is also employed, e.g., for fog-based attack and for improving emulation capabilities [102], and more
detection using the ELM-based Semi-supervised Fuzzy recently by using various types of Markov chains, e.g., to
C-Means method for cloud/fog-computing in IoT increase the number of commands from an attack
environments [91], a deep Feed Forward Neural Network sequence [103]. Following the attack data collection,
as a classifier with a deep autoencoder for anomaly different ML approaches are employed for analytics
detection in SCADA systems [82], and for false data purposes in order to implement attack classification and
injection attacks detection in smart grids using modelling, with the majority of approaches relying on
autoencoders and generative adversarial network [92]. A supervised and unsupervised learning, e.g., for DDoS
model-free reinforcement learning approach was used for identification [104], and for training dataset preparation
online cyberattack detection in smart grid [93], and [105]. The AI-assisted honeypot solutions include a
inverse reinforcement learning for anomaly detection honeynet for enhanced IoT botnet detection rate using
based on sequential data in safety-critical environments logistics regression and cloud computing [106], and a
[94]. production honeypot DeepDig [107] that uses ML for
Examples of AI-powered IPS solutions include an IPS attacker profiling and adaptability. Other approaches use
for unmanned aircraft system incorporating customized ML for anti-detection, i.e. reinforcement learning, and
Threat Analysis and Risk Assessment (TARA) and for zero-day DDoS attack prevention [103]. Honeypots
dynamically applied prevention rules for the detected Heliza [108] and RASSH [109] utilize reinforcement
attacks using deep learning [95], a network-based IPS learning to implement interactivity during attacks, e.g.,
based on self-organizing incremental neural network and allowing and blocking commands and substituting
support vector machine for industrial applications [95], messages. Another practical example of the deception
and an IPS based on game theory for Cyber Physical technology besides the AI-powered honeypots includes
Systems (CPS) using reinforcement learning [96]. Other the use of AI for generating decoy text files and
generic IPS examples include automatic incident deliberate manipulation of comprehensibility of real
characterization using ML to assign severity of the documents protected using genetic algorithm [110].
incident [97] and solutions for AI-based alert triage based There are several other relevant AI cybersecurity
on alert grouping in NIDPS using unsupervised application directions underway in the context of the AI-
clustering algorithms [98] and alert prioritization using assisted cybersecurity in CIs that either incorporate or
auto-encoders [99]. complement and extend capabilities of IDPS and
deception technology. For example, the use of AI is
Table 6: ML approaches in IDPS for specific CIs
extensively examined also for predictive intelligence in
Learning Examples of applications in specific CIs order to support capabilities to predict in advance the
approach type, intensity and targets of an intrusion. Examples
Anomaly detection in smart grids [72] include the use of DL for network intrusion alert
Supervised - Android malware detection in IoT [73] forecasting based on specific targets or malicious sources
classification IDS for gas pipeline infrastructure [75]
NIPS for industrial applications [95]
[111][112] and malware attack prediction based on
Supervised - Man-in-the-middle attack detection for SCADA recurrent neural networks [113]. Also, for security
ensemble IoT systems [78] monitoring purposes, AI is considered to support and
learning IDS for IoT platform integration [88] extend capabilities for security threats identification and
SCADA intrusion detection in water treatment investigation through data analysis and intel presentation.
systems [82]
Intrusion detection in CPS [84] Some selected illustrative examples include e.g., SIEM
Attack detection in smart grids [85], for the detection, normalisation and correlation of cyber
Deep learning
Identification of cyber attacks in IIoT [86] attacks and anomalies in smart grids [114], and a cyber
Detection of man-in-the-middle attacks on attack detection system for ICS [115].
military-grade Robot Operating System [87]
IPS for unmanned aircraft system [32]
Semi- Attack detection in fog computing IoT [91] 5 ADVANCED TOPICS AND FUTURE
supervised False data injection attacks detection in smart
learning grids [92] RESEARCH DIRECTIONS
Online cyber attack detection in smart grid [93]
Reinforcement Anomaly detection in safety-critical Despite the obvious benefits, the AI-based IDPS and
learning environments [94] deception technology solutions suffer from several major
IPS for CPS systems [96] challenges. The two prominent ones in the context of CI
are explainability, measured in terms of the utilized
In the deception technology generally and the model being interpretable, and robustness which
honeypots specifically, AI is employed for two principal represents the stability of the model against adversarial
purposes, i.e. to improve the adaptive behaviour attacks. Available research demonstrates that there is no
capabilities [100], and to implement retrospective one approach that exhibits superiority in both aspects
analysis. A variety of ML techniques has been proposed [71] and each represents a relevant emerging research
for adaptive behaviour capabilities in honeypots, direction.
including e.g., the use of reinforcement learning for
85 SAFER FUTURE: LEVERAGING THE POWER OF AI TO IMPROVE CYBERSECURITY IN CRITICAL INFRASTRUCTURES

5.1 Explainable AI In this type of the attack, the model is iteratively

Functional
queried in order to build a functionally equivalent
extraction
Explainability is an essential aspect in the AI-based model. Also known as a reverse engineering or
(inference)
security applications [67], i.e., the transparency of the model extraction attack.
Attack that recovers sensitive information about
algorithm functioning that reveals how and based on Inversion attack
training data, either fully or partially (properties,
what facts the initial conclusion was made. The current (inference)
attributes).
AI algorithms lack transparency in their decision-making In this type of the attack, malicious prompts are
process [65], thus suffering from lack of acceptance and injected into the model to cause an unintended
Prompt
behaviour, typically in the form of ignoring the
trustworthiness. The issue of interpretability or black-box injection attack
original instructions and instead following the
AI is a well-known dilemma where there is a trade-off (inference)
adversary instructions. The attack applies to the
between the prediction accuracy and explainability of the LMM models with complex inputs.
model, which is particularly challenging for the AI Various cyber attacks targeting the AI
Cyber attack infrastructure and its components instead of the
applications with high security requirements such as in model itself, e.g., API keys, data servers etc.
CIs. The challenge has recently led to a new research
field on explainable AI (XAI) to achieve improved INFERENCE PHASE
transparency, e.g., devising explainable IDS systems (X-
IDS) [70]. Numerous approaches are considered for the
implementation of the XAI, including feature importance QUERY

ranking, local explanations focused on a specific

datapoint or prediction, rule-based learning TRAINING PHASE

MODEL TRAINING
implementations and the use of inherently interpretable DATA
& VALIDATION

models, i.e. linear and logistic regression, visual COLLECTION

TRAINING DEPLOYED
DATA
interpretation of the model attention, and explainability MODEL

layers and user interfaces to support exploration of the

model internal representations in a human-readable form.
Despite its potential, however, XAI is a nascent research
direction. Some of the currently known challenges POISONING ATTACK
OUTPUT

include the introduction of additional complexity,

reduced prediction accuracy, and human-AI interfacing
for understandable explanations.
5.2 Adversarial AI

FUNCTIONAL EXTRACTION

INVERSION ATTACK

PROMPT INJECTION
EVASION ATTACK

ATTACK

ATTACK
Even though designed to improve the robustness of the
cyber defence, the AI and ML algorithms incorporated in
IDPS and deception technologies are attractive
cybersecurity targets themselves, creating a whole new
attack surface in CIs [119][120]. Cyber attackers target
vulnerabilities of the AI applications as part of their Figure 6. Types of adversarial the AI attacks in training and
attack strategies, e.g. offensive cyber operations using inception stages.
synthetic images, adversarial data manipulation etc.,
while at the same time they progressively leverage the AI Fundamentally, the adversarial attacks pursue three
capabilities to enhance their attack techniques and general types of objectives, i.e., reduced availability,
improve the defence avoidance [25][134]. This integrity violation and compromised privacy [154], with
represents a new dimension in the threat landscape that several different attack types (see Table 7). Attacks can
the defence mechanisms must recognize, acknowledge be classified into two major groups according to the time
and manage [152][153]. of their occurrence, i.e. adversarial attacks during the AI
training phase, and attacks in the inception phase, i.e.,
when an already trained model is tested, verified and
Table 7: Categories of adversarial attacks on AI deployed (see Figure 6). The adversarial attacks in the
training phase are categorized as poisoning attacks, in
Attack Description
which false or misleading data is injected into the training
Modifies training data to get a desired outcome at
Poisoning data, causing the model to learn incorrect patterns or
inference time. This allows the attacker to create
attack behaviours. For example, to induce unpredictable,
backdoors in the model where an input with the
(training)
specified trigger will result in a particular output. incorrect or even false predictions, the attacks utilize data
Based on adversarial inputs, the attacker elicits an perturbation, i.e., they slightly modify the input data,
incorrect response from a model. Typically,
malicious inputs are indistinguishable from which leads to faulty model predictions. This can result
Evasion attack in severe consequences in the context of services in CI.
normal data. Evasion attacks can be targeted,
(inference)
where the malicious input is designed in a way to A model can thus be falsely trained to interpret an image
produce a specific classification, or untargeted of a tank as a civilian vehicle [133]. Poisoning was
where any incorrect classification is attempted.
86 VOLK

demonstrated in [121] for the case of an AI-based drugs medical-related CIs are prone to such attacks, possibly
dosage prescription solution where malicious insertion of leading to an exposure of highly sensitive patient data
8% of the erroneous data to the AI algorithm caused a [152]. The mechanics of individual adversarial AI attacks
75% change in the prescribed drug dosage in 50% of the are represented in Figure 7.
patients. Poisoning attacks are specifically problematic An important observation based on the research of the
because they cannot be detected until the trigger is relevant literature and other public sources is that there
activated, and even then, the deviations from the are currently no widely reported adversarial AI attacks on
expected behaviour can be minimal yet sufficient to real CIs that have been confirmed. The documented cases
cause damage. are largely experimental, with demonstrations primarily
The evasion attacks on the other hand take place in the taking place in experimental environments. Potential
inference phase, where the model inputs are manipulated attack scenarios in specific CIs are summarized in Table
(infected or falsified), inducing misclassification of an 8. However, the lack of reported real-world incidents
already trained model. In this type of the attacks, an does not diminish the concern given the increasing
incorrect response is elicited from the deployed model integration of the AI systems into CI and the field
using adversarial inputs, which are typically requires a further research attention. Protection against
indistinguishable from normal input data, causing an the adversarial AI is essential. It includes the application
incorrect classification. The well-known examples from of appropriate pre-emptive measures suitable for the CIs
the transportation and autonomous driving domain and AI applications therein. The current approaches
include a successful misclassification of stop signs using primarily constitute detection methods, such as real-time
altered images of the stop sign with stickers resembling input monitoring, and robustness methods that comprise
graffiti [122], and autonomous vehicle camera image e.g. resistant training approaches and improved model
perturbations inserting road markings causing the vehicle rigidity to adversarial attacks. Adversarial training is
to steer to the reverse traffic lane [156]. employed where the training data incorporates examples
of attack methods. The applicability of the approach,
however, is highly dependent on the models it can target
Table 8: Adversarial AI attack scenarios in CI
e.g., in IDPS the tree-based algorithms are subject to such
Type of Potential adversarial AI attack scenarios adversarial training technique in order to improve their
infrastructure robustness [123], and on the realism and recency of the
Perturbation of the input data to the AI algorithms modelled attacks in a particular CI environment [124].
used in energy management systems (e.g., The Adversarial Threat Landscape for Artificial-
Smart energy
falsified weather data) inducing an incorrect
systems
demand prediction, causing instabilities or even
Intelligence Systems knowledge base provided by
blackouts. MITRE (MITRE ATLAS) is a relevant resource in this
Input image perturbations inducing an incorrect respect providing adversary tactics and techniques
classification causing a wrong interpretation of against the AI-enabled systems based on real-world
road signs and signatures from the vehicle camera
attack observations and realistic demonstrations from AI
and other sensor readings, resulting in dangerous
Transportation driving behaviour (e.g., using wrong lanes or red teams and security groups [158]. Furthermore, once
infrastructure falsely interpreting road signs). Tampering of the in progress, cyber attacks on AI are very difficult to
traffic conditions data (traffic jams, accidents) to detect because of the explainability problem, where
induce incorrect congestion predictions leading
further research is also required.
to suboptimal rerouting decisions resulting in
congestions and gridlocks.
Tampering with the input sensor data used by AI
5.3 Emerging governance
Water treatment algorithms managing chemical dosing, causing To address the AI explainability and robustness
infrastructure public health hazards because of improper
treatment levels. problems and manage the deceptive consequences of
Exposure of sensitive health data through stealing cyber attacks on AI, numerous standardization and
and reconstruction of the data from AI models certification frameworks are underway globally. This
deployed in smart health systems with access to includes ISO/IEC NP TR 24029-1 addressing the
Healthcare
patient records. Input image perturbation used by
AI-based diagnostics tools causing misdiagnosed
assessment of the robustness of the neural networks [125]
patients and incorrect treatment decisions. and the ISO/IEC TR 5469:2024 on functional safety and
Injection of crafted transaction data that mimics AI systems [126], the OECD AI principles [127], the G20
Financial normal user behaviour to AI-based fraud AI Principles, the World Economic Forum ten AI
services detection systems causing approval of malicious
transactions with direct financial consequences.
Government Procurement Guidelines, and the UNESCO
Recommendation on the ethics of AI [128]. In the EU,
the principal frameworks include the EU Cybersecurity
The third category that also takes place in the
Act establishing the framework for the cybersecurity
inference phase are privacy-related attacks, where an
standards and certification procedures for the digital
attacker reconstructs the model or hijacks the data the
technologies and services available in the EU, which
model was trained on by analysing the black-box model,
among others mandates the EU Agency for Network and
potentially causing an exposure of confidential data in the
Information Security (ENISA) to guide the finalization
training dataset or the model itself [157]. Health- and
of the national certification programmes in the EU
87 SAFER FUTURE: LEVERAGING THE POWER OF AI TO IMPROVE CYBERSECURITY IN CRITICAL INFRASTRUCTURES

member states [129], and the recently enforced EU AI and ethics of AI. This landscape is expected to undergo
Act [130] which provides categorization of the AI further developments in the near future in order to arrive
applications according to their level of risk, establishes a at a more robust, transparent, ethical, trustworthy and
regulatory frameworks similar to the GDPR for the data acceptable AI capable of serving the domains in question
protection, and requires high-risk AI applications to and the society as a whole.
undergo rigorous audits. Several other regional and
national regulatory frameworks are also underway
addressing the security, transparency, trustworthiness
INFERENCE PHASE
a) Poisoning attack b) Evasion attack
INFERENCE PHASE
PERTURBATION

NEW UN- 1
SUBSET MODIFIED
(UNSEEN) MODIFIED
OF DATA DATA
DATA DATA

TRAINING PHASE TRAINING PHASE

MODEL TRAINING MODEL TRAINING
& VALIDATION & VALIDATION
DATA DATA
COLLECTION TRAINING COLLECTION
POISONED 2 TRAINING
DATA DATA DEPLOYED MODEL
DEPLOYED MODEL
XXX
LABEL
1 POISONING
2
3

MODIFIED WRONG CORRECT WRONG INCORRECT

OUTPUT OUTPUT CLASSIFICATION
DATA OUTPUT CLASSIFICATION OUTPUT

INFERENCE PHASE INFERENCE PHASE

c) Inversion attack d) Functional extraction attack
REPEATED QUERIES

REPEATE
REPEATE
D
D
QUERY QUERY QUERIES
QUERY
QUERIES
2
1
TRAINING PHASE TRAINING PHASE
RECONSTRU
MODEL TRAINING MODEL TRAINING CTED MODEL
DATA & VALIDATION DATA & VALIDATION
COLLECTION TRAINING COLLECTION TRAINING
DATA DEPLOYED MODEL DATA DEPLOYED MODEL
FEATURES

1 STEALING
DATA RECONSTRUCTED
DATA
2
OUTPUT OUTPUT OUTPUT

INFERENCE PHASE
e) Prompt injection attack

QUERY

TRAINING PHASE
MODEL TRAINING
INDIRECT
DATA & VALIDATION
PROMPT
COLLECTION TRAINING 2 CORRUPTED
DATA DEPLOYED MODEL 1

MIS-
BEHAVIOR
RESPONSE

Figure 7. The mechanics of the adversarial AI attacks

application, such as the use of the quantum algorithms for

5.4 Other research topics an enhanced AI-based threat detection and response.
There are several further trends emerging in the scope of Ethical AI is emerging as a prominent and challenging
the research on advanced cyber defence and the use of AI research field, currently faced with several crucial
within the CI purview. Convergence of the blockchain considerations [7]. This includes discriminatory AI
technologies and AI is one such direction, aimed to through training data bias inheritance that raises ethical
establish a decentralized and verifiable approach to the concerns associated with fairness and justice, and the
cybersecurity with tamper-evident and immutability ethics of the AI applications in warfare and offensive
controls. Another comprehensive topic is quantum cyber operations generally which, if not appropriately
computing, promising to deliver a new generation of controlled, can unintendedly lead to devastating
encryption capabilities through quantum-resistant consequences, including collateral damage or conflict
cryptography as well as other emerging areas of escalations. The research community is further
concerned also with the robustness of the AI and the
88 VOLK

possibility of being repurposed for malicious activities, Internet-accessible OT devices, and monitoring,
such as AI weaponization. There are also ethical management and possibly removal of any non-vital
concerns and objections with respect to the privacy and remote access. A secure network architecture must be
informed use of AI in the cybersecurity, as well as several implemented using a combination of the approaches and
other challenges associated with the socio-economic and techniques, i.e. demilitarized zones (DMZs), firewalls,
legal impacts, including accountability in decision- sandboxing, and network segmentation to protect the IT
making and AI-induced unemployment. In conclusion, and OT parts specifically from a direct exposure to the
the identification and discussion of the ethical issues and Internet wherever applicable. Secure SW management
value conflicts involved in cybersecurity in relation to CI should be implemented, including SW updates and
and the adoption of the AI applications are fundamentally patches to minimize the exposure through the known
important in assisting further guidance. vulnerabilities. Network hardening must be addressed
6 GUIDANCE ON THE ADOPTION OF AI FOR specifically, by securing remote access through virtual
private network, encryption and multifactor
THE CI CYBER DEFENCE authentication, traffic filtering and the use of geo-
The preceding sections demonstrate the extensive blocking where appropriate etc. Cyber defence capacities
opportunities of AI in providing enhancements to the should be installed by using the IDPS capabilities and
cyber defence capabilities. However, the implementation other targeted cyber protection and defence solutions,
of reliable, resilient and trustworthy AI applications into both in the IT and OT parts of IC. These approaches,
CI is in a nascent phase lacking sufficient best-practice measures and technologies apply to CI irrespective of the
examples and guidance about the most appropriate AI introduction.
approaches. Thus, a set of guidelines is drafted hereafter Securing AI – Dedicated capabilities and measures for
to inform and guide an integrated and strategic approach the AI system are specifically required, during
to an AI-powered secure CI. The guidelines draw from preparation and acquisition, deployment and operation.
key findings in relevant scientific literature, and from In preparation of the AI deployment, supply chain
available advisory resources on securing IT and OT in CI security must be instilled for any part of the AI system
[159][160] and on the introduction and securing AI in provided externally. Also, secure software maintenance
such environments [161]. practices should be adopted, such as the use of
In the process of securing the introduction of an AI cryptographic mechanisms and digital signatures for the
system into CI, four fundamental perspectives can be AI system validation, secure SW storage and versioning.
distinguished, i.e. conducting a thorough risk assessment Prior and during the deployment, hardening of the
and alignment with the general security practice of CI boundaries between the IT environment and the AI
and vulnerability management procedures, securing and system should be installed along with an implementation
hardening the IT/OT environment the AI system is of access control and instalment of privileged access
introduced into, adoption of specific measures and only, and identifying and securing data sources and
technologies to install secure and hardened AI sensitive AI data using encryption at rest and secure
specifically, and continuous maintenance of appropriate communication protocols in transit. Testing and
knowledge capacities. Each of the identified perspectives validation of externally acquired AI models should be
is an essential element of the CI overall security posture, conducted in a secure development environment prior to
entailing a range of the possible approaches requiring a its deployment into production. Testing of the AI system
further consideration and validation through best for the robustness, accuracy and potential vulnerabilities
practices and experience to be gained in the next stages prior to deployment as well as after any subsequent
of the AI-based CI evolution. modifications should also be implemented. Advanced
Risk assessment – The risk assessment is an essential measures, such as adversarial training, should also be
initial phase of the AI introduction, including the considered. If an AI system exposes application
definition of the AI use cases and identification of the programming interfaces, they should be secured through
vulnerabilities and impacts, followed by a risk authentication and authorization and the use of secure
prioritization in the alignment with the CI risks protocols. Penetration testing and audits should be
management strategy. considered by external experts to detect any
Securing the CI environment – AI is considered an IT vulnerabilities that have not been detected internally.
system and will thus be deployed in the IT parts of CI. Once the system is deployed, strong access control
The security and resilience must be planned and installed should be employed for access to the AI model to prevent
in both the IT and OT parts of CI and security measures any tampering, e.g., by using a role- or attribute-based
must be in place for the deployment of the AI specifically access control. The access protection must be specifically
as well as for general robustness of the environment. This focused on the protection of model weights. An
includes hardening through the adoption of the security- automated anomaly detection, analysis and response
by-design and Zero Trust principles, strict oversight over capabilities for the AI system should also be considered
remote access and Internet connections, using also to identify and react to any possible cybersecurity
publicly available resources such as Shodan to discover incident. This entails active an AI behaviour monitoring
to detect unauthorized changes and access and inference
89 SAFER FUTURE: LEVERAGING THE POWER OF AI TO IMPROVE CYBERSECURITY IN CRITICAL INFRASTRUCTURES

attempts, as well as any further security posture updates ACKNOWLEDGEMENTS

as new threats emerge. Finally, capabilities for a manual
inspection and mitigation should be in place in order to The research received support from the Slovenian
prevent overreliance on the AI system and instil its Research and Innovation Agency, the Ministry of
augmentation instead. Defence of Slovenia, and the Government Information
Awareness, training and knowledge capacity building Security Office of Slovenia, through the research project
– User training and awareness as well as advanced “Cyber security of defence systems and critical
knowledge building should be instilled and maintained at infrastructures” (grant nr. V2-2378), and the research
all times to minimize the human error and support a program “Decentralized Solutions for the Digitalization
secure and trustworthy AI operation maintenance in CI. of Industry and Smart Cities and Communities” (grant nr.
This includes knowledge about the security principles P2-0425).
generally as well as about specific topics, such as secure LITERATURE
password management, secure data handling, phishing
[1] Riggs, H., Tufail, S., Parvez, I., Tariq, M., Khan, M. A., Amir, A.,
prevention, etc. Advanced knowledge should be ... & Sarwat, A. I. (2023). Impact, vulnerabilities, and mitigation
maintained and improved on a continuous basis in the strategies for cyber-secure critical infrastructure. Sensors, 23(8),
essential AI-related areas, such as awareness about the 4060.
current and emerging threat landscape, explainability, [2] Stevens, T. (2020). Knowledge in the grey zone: AI and
cybersecurity. Digital War, 1(1), 164-170.
ethics and adversarial robustness.
[3] Sakhnini, J., Karimipour, H., Dehghantanha, A., & Parizi, R. M.
The presented guidelines are drafted in order to (2020). AI and security of critical infrastructure. Handbook of Big
provide a general orientation in crucial aspects of the use Data Privacy, 7-36.
of AI for the cybersecurity in the CI environments. [4] OT Cybersecurity: The Ultimate Guide. (2022, April
However, in order to fully exploit the potential of the AI- 25). Industrial Defencer. Retrieved February 12, 2024, from
https://www.industrialdefender.com/blog/ot-cybersecurity-the-
enhanced cyber defence, the presented guidance must be ultimate-guide.
further complemented with knowledge, capacities and [5] Mesbah, M., Elsayed, M. S., Jurcut, A. D., & Azer, M. (2023).
procedures to install a continuous evolution in all Analysis of ICS and SCADA Systems Attacks Using Honeypots.
relevant topics, existent and emerging guidance on the Future Internet, 15(7), 241.
security, standardization and certification of CI, as well [6] Lella, I., Ciobanu, C., Tsekmezoglou, E., Theocharidou, M.,
Magonara, E., Malatras, A., & Svetozarov Naydenov, R. (2023).
as sustained collaboration and communication with the ENISA threat landscape 2023: July 2022 to June 2023.
relevant cybersecurity advisories and the research [7] Viganò, E., Loi, M., & Yaghmaei, E. (2020). Cybersecurity of
community to understand and instil the latest critical infrastructure. The Ethics of Cybersecurity, 157-177.
technological advancements and practices and thus [8] Significant Cyber Incidents. (2023, May 7). Center for Strategic &
maintain a cutting-edge posture of the AI-enabled CI International Studies (CSIS). Retrieved March 23, 2024, from
https://www.csis.org/programs/strategic-technologies-
cyber defence. program/significant-cyber-incidents.
[9] ICS Matrix. (n.d.). MITRE ATT&CK. Retrieved March 27, 2024,
from https://attack.mitre.org/matrices/ics/.
7 CONCLUSION [10] ELITEWOLF. (n.d.). Github. Retrieved March 27, 2024, from
The AI adoption marks a significant advancement https://github.com/nsacyber/ELITEWOLF.
[11] Easterly. (2023, May 7). The Attack on Colonial Pipeline: What
towards enhancing the cyber defence capabilities in
We’ve Learned & What We’ve Done Over the Past Two
response to the increasingly sophisticated threats in CI. Years. Cybersecurity and Infrastructure Security Agency (CISA).
This paper shows that the dynamic, adaptive, and Retrieved March 23, 2024, from https://www.cisa.gov/news-
intelligence-driven AI applications not only fortify the events/news/attack-colonial-pipeline-what-weve-learned-what-
weve-done-over-past-two-years.
defence mechanisms but also propel the development of
[12] Cyber-Attack Against Ukrainian Critical Infrastructure. (2021,
more resilient critical infrastructures. However, the July 20). Cybersecurity and Infrastructure Security Agency
discussed approaches and capabilities introduce (CISA). Retrieved March 23, 2024, from
complexities and considerations, particularly in terms of https://www.cisa.gov/news-events/ics-alerts/ir-alert-h-16-056-01.
the resilience, robustness, explainability, ethical use, and [13] Falliere, Falliere, O. Murchu, & Chien. (2010, November).
W32.Stuxnet Dossier. In Symantec Security Response. Retrieved
the need for robust AI governance frameworks. In an March 19, 2024, from
attempt to harness its potential while prioritizing safety https://www.wired.com/images_blogs/threatlevel/2010/11/w32_st
and trustworthiness, the effectiveness of the AI systems uxnet_dossier.pdf.
for the cyber defence must be continuously assessed [14] ICS Focused Malware. (2021, July 20). Cybersecurity and
against the emerging CI threats and vulnerabilities, Infrastructure Security Agency (CISA). Retrieved March 23, 2024,
from https://www.cisa.gov/news-events/ics-advisories/icsa-14-
carefully considering also the aspects of dual use, and a 178-01.
balance should be sought between the advancements in [15] CRASHOVERRIDE Malware. (2017, July 25). Cybersecurity and
innovation and their ethical application into practice. Last Infrastructure Security Agency (CISA). Retrieved March 23, 2024,
but not least, emphasizing collaboration across sectors from https://www.cisa.gov/news-events/ics-alerts/ics-alert-17-
206-01.
and a continuous and thoughtful consideration of best
[16] TRITON Malware Targeting Safety Controllers. (2017, December
practices as they emerge will be of the utmost importance 22). In National Cyber Security Center. Retrieved March 19, 2024,
in establishing future pathways for this particular sector. from https://www.ncsc.gov.uk/information/triton-malware-
targeting-safety-controllers.
90 VOLK

[17] Advanced Persistent Threat Compromise of Government [35] Yarali, A., & Sahawneh, F. G. (2019, December). Deception:
Agencies, Critical Infrastructure, and Private Sector Organizations. Technologies and strategy for cybersecurity. In 2019 IEEE
(2021, April 15). Cybersecurity and Infrastructure Security International Conference on Smart Cloud (SmartCloud) (pp. 110-
Agency (CISA). Retrieved March 23, 2024, from 120). IEEE.
https://www.cisa.gov/news-events/cybersecurity-advisories/aa20- [36] Grigoriou, E., Liatifis, A., Grammatikis, P. R., Lagkas, T.,
352a. Moscholios, I., Markakis, E., & Sarigiannidis, P. (2022, July).
[18] APT10: sophisticated multi-layered loader Ecipekac discovered in Protecting IEC 60870-5-104 ICS/SCADA systems with honeypots.
A41APT campaign. (2021, March 30). Securelist by Kaspersky. In 2022 IEEE international conference on cyber security and
Retrieved March 23, 2024, from https://securelist.com/apt10- resilience (CSR) (pp. 345-350). IEEE.
sophisticated-multi-layered-loader-ecipekac-discovered-in- [37] Husák, M., Jirsík, T., & Yang, S. J. (2020, August). SoK:
a41apt-campaign/101519/ contemporary issues and challenges to enable cyber situational
[19] Aver. (2021, January 13). An employee, fired. Kaspersky Daily. awareness for network security. In Proceedings of the 15th
Retrieved March 23, 2024, from International Conference on Availability, Reliability and Security
https://www.kaspersky.com/blog/fired-insider/38381/. (pp. 1-10).
[20] Pryimenko. (2023, September 13). 7 Examples of Real-Life Data [38] Mashima, D. (2022). Mitre att&ck based evaluation on in-network
Breaches Caused by Insider Threats . Ekran. Retrieved March 23, deception technology for modernized electrical substation systems.
2024, from https://www.techtarget.com/searchsecurity/tip/The- Sustainability, 14(3), 1256.
biggest-ransomware-attacks-in-history. [39] Kiennert, C., Ismail, Z., Debar, H., & Leneutre, J. (2018). A survey
[21] K. Pratt. (2023, September 13). The 10 biggest ransomware attacks on game-theoretic approaches for intrusion detection and response
in history. TechTarget. Retrieved March 23, 2024, from optimization. ACM Computing Surveys (CSUR), 51(5), 1-31.
https://www.techtarget.com/searchsecurity/tip/The-biggest- [40] Dionaea. (n.d.). Github. Retrieved March 27, 2024, from
ransomware-attacks-in-history. https://github.com/DinoTools/dionaea).
[22] Case study: VIASAT. (2022, June). CyberPeace Institute. [41] Cowrie. (n.d.). Github. Retrieved March 27, 2024, from
Retrieved March 23, 2024, from https://github.com/cowrie/cowrie.
https://cyberconflicts.cyberpeaceinstitute.org/law-and- [42] Advanced Honeypot framework. (n.d.). Github. Retrieved March
policy/cases/viasat. 27, 2024, from https://github.com/honeytrap/honeytrap)
[23] Winberg. (2021, June 2). Analysis of top 11 cyber attacks on [43] Kuskov, Kuzin, Shmelev, Makrushin, & Grachev. (2017, June 19).
critical infrastructure. Retrieved March 23, 2024, from Honeypots and the Internet of Things. Securelist By Kaspersky.
https://www.england.nhs.uk/long-read/case-study-wannacry- Retrieved April 18, 2024, from https://securelist.com/honeypots-
attack/. and-the-internet-of-things/78751/.
[24] NHS England business continuity management toolkit case study: [44] Jicha, A., Patton, M., & Chen, H. (2016, September). SCADA
WannaCry attack. (2023, April 21). In NHS England. Retrieved honeypots: An in-depth analysis of Conpot. In 2016 IEEE
April 1, 2024, from https://www.england.nhs.uk/long-read/case- conference on intelligence and security informatics (ISI) (pp. 196-
study-wannacry-attack/. 198). IEEE.
[25] Sarker, I. H. (2023). Machine learning for intelligent data analysis [45] Pliatsios, D., Sarigiannidis, P., Liatifis, T., Rompolos, K., &
and automation in cybersecurity: current and future prospects. Siniosoglou, I. (2019, September). A novel and interactive
Annals of Data Science, 10(6), 1473-1498. industrial control system honeypot for critical smart grid
[26] National Institute of Standards and Technology. (2024, February infrastructure. In 2019 IEEE 24th International Workshop on
26). The NIST Cybersecurity Framework (CSF) 2.0 (NIST CSWP Computer Aided Modeling and Design of Communication Links
29). Retrieved April 18, 2024, from and Networks (CAMAD) (pp. 1-6). IEEE.
https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.29.pdf [46] Scott, C., & Carbone, R. (2014). Designing and Implementing a
[27] Ntingi, N., Duvenage, P., du Toit, J., & von Solms, S. (2022, June). Honeypot for a SCADA Network. SANS Institute Reading Room,
Effective Cyber Threat Hunting: Where and how does it fit?. In 39.
European Conference on Cyber Warfare and Security (Vol. 21, No. [47] Hyun, D. (2018). Collecting cyberattack data for industrial control
1, pp. 206-213). systems using honeypots (Doctoral dissertation, Monterey,
[28] Vargas Martínez, C., & Vogel-Heuser, B. (2018). Towards California: Naval Postgraduate School).
industrial intrusion prevention systems: A concept and [48] Cao, J., Li, W., Li, J., & Li, B. (2018). Dipot: A distributed
implementation for reactive protection. Applied Sciences, 8(12), industrial honeypot system. In Smart Computing and
2460. Communication: Second International Conference, SmartCom
[29] Alanazi, S. S., Alanazi, A. A. (2022). Knowing the Unknown: The 2017, Shenzhen, China, December 10-12, 2017, Proceedings 2 (pp.
Hunting Loop. Int. j. adv. appl. sci., 1(9), 8-19. 300-309). Springer International Publishing.
[30] Santoso, F., & Finn, A. (2023). An In-Depth Examination of [49] López-Morales, E., Rubio-Medrano, C., Doupé, A.,
Artificial Intelligence-Enhanced Cybersecurity in Robotics, Shoshitaishvili, Y., Wang, R., Bao, T., & Ahn, G. J. (2020,
Autonomous Systems, and Critical Infrastructures. IEEE October). Honeyplc: A next-generation honeypot for industrial
Transactions on Services Computing. control systems. In Proceedings of the 2020 ACM SIGSAC
[31] Al-Hamadi, H., Chen, R., Wang, D. C., & Almashan, M. (2020). Conference on Computer and Communications Security (pp. 279-
Attack and defense strategies for intrusion detection in autonomous 291).
distributed IoT systems. IEEE Access, 8, 168994-169009. [50] You, J., Lv, S., Sun, Y., Wen, H., & Sun, L. (2021, June). Honeyvp:
[32] Schermann, R., Ammerer, T., Stelzer, P., Macher, G., & Steger, C. A cost-effective hybrid honeypot architecture for industrial control
(2023, October). Risk-Aware Intrusion Detection and Prevention systems. In ICC 2021-IEEE International Conference on
System for Automated UAS. In 2023 IEEE 34th International Communications (pp. 1-6). IEEE.
Symposium on Software Reliability Engineering Workshops [51] Dutta, N., Jadav, N., Dutiya, N., & Joshi, D. (2020). Using
(ISSREW) (pp. 148-153). IEEE. honeypots for ICS threats evaluation. Recent developments on
[33] Mohan, S. N., Ravikumar, G., & Govindarasu, M. (2020, October). industrial control systems resilience, 175-196.
Distributed intrusion detection system using semantic-based rules [52] Kendrick, M. M., & Rucker, Z. A. (2019). Energy-grid threat
for SCADA in smart grid. In 2020 IEEE/PES Transmission and analysis using honeypots (Doctoral dissertation, Monterey, CA;
Distribution Conference and Exposition (T&D) (pp. 1-5). IEEE. Naval Postgraduate School).
[34] Callegari, C., Forti, A. C., D'Amore, G., de la Hoz, E., Santamaria, [53] Buza, D. I., Juhász, F., Miru, G., Félegyházi, M., & Holczer, T.
D. E., García-Ferreira, I., & López-Civera, G. (2016, July). An (2014). CryPLH: Protecting smart energy systems from targeted
Architecture for Securing Communications in Critical attacks with a PLC honeypot. In Smart Grid Security: Second
Infrastructure. In DCNET (pp. 111-120). International Workshop, SmartGridSec 2014, Munich, Germany,
91 SAFER FUTURE: LEVERAGING THE POWER OF AI TO IMPROVE CYBERSECURITY IN CRITICAL INFRASTRUCTURES

February 26, 2014, Revised Selected Papers 2 (pp. 181-192). smart grid based on cart decision tree. In 2018 global information
Springer International Publishing. infrastructure and networking symposium (GIIS) (pp. 1-5). IEEE.
[54] Litchfield, S., Formby, D., Rogers, J., Meliopoulos, S., & Beyah, [73] Ham, H. S., Kim, H. H., Kim, M. S., & Choi, M. J. (2014). Linear
R. (2016). Rethinking the honeypot for cyber-physical systems. SVM-based android malware detection for reliable IoT services.
IEEE Internet Computing, 20(5), 9-17. Journal of Applied Mathematics, 2014.
[55] Navarro, O., Balbastre, S. A. J., & Beyer, S. (2019). Gathering [74] Bapat, R., Mandya, A., Liu, X., Abraham, B., Brown, D. E., Kang,
Intelligence Through Realistic Industrial Control System H., & Veeraraghavan, M. (2018, April). Identifying malicious
Honeypots: A Real-World Industrial Experience Report. In botnet traffic using logistic regression. In 2018 systems and
Critical Information Infrastructures Security: 13th International information engineering design symposium (SIEDS) (pp. 266-271).
Conference, CRITIS 2018, Kaunas, Lithuania, September 24-26, IEEE.
2018, Revised Selected Papers 13 (pp. 143-153). Springer [75] Dakheel, A. H., Dakheel, A. H., & Abbas, H. H. (2019). Intrusion
International Publishing. detection system in gas-pipeline industry using machine learning.
[56] Kato, S., Tanabe, R., Yoshioka, K., & Matsumoto, T. (2021, May). Periodicals of Engineering and Natural Sciences, 7(3), 1030-1040.
Adaptive observation of emerging cyber attacks targeting various [76] Markevych, M., & Dawson, M. (2023, July). A review of
IoT devices. In 2021 IFIP/IEEE International Symposium on enhancing intrusion detection systems for cybersecurity using
Integrated Network Management (IM) (pp. 143-151). IEEE. artificial intelligence (ai). In International conference Knowledge-
[57] Hilt, S., Maggi, F., Perine, C., Remorin, L., Rösler, M., & Vosseler, based Organization (Vol. 29, No. 3, pp. 30-37).
R. (2020). Caught in the act: Running a realistic factory honeypot [77] Chang, Y., Li, W., & Yang, Z. (2017, July). Network intrusion
to capture real threats. Trend Micro Research. detection based on random forest and support vector machine. In
[58] Pahl, M. O., Kabil, A., Bourget, E., Gay, M., & Brun, P. E. (2020). 2017 IEEE international conference on computational science and
A mixed-interaction critical infrastructure honeypot. European engineering (CSE) and IEEE international conference on
Cyber Week CAESAR. embedded and ubiquitous computing (EUC) (Vol. 1, pp. 635-638).
[59] GasPot Released at Blackhat 2015. (n.d.). Github. Retrieved IEEE.
March 27, 2024, from https://github.com/sjhilt/GasPot [78] Mughaid, A., AlJamal, M., Issa, A. A., AlJamal, M., Alquran, R.,
[60] Kołtyś, K., & Gajewski, R. (2015). Shape: A honeypot for electric AlZu'bi, S., & Abutabanjeh, A. A. (2023, October). Enhancing
power substation. Journal of telecommunications and information cybersecurity in scada iot systems: A novel machine learning-
technology, (4), 37-43. based approach for man-in-the-middle attack detection. In 2023
[61] Wilhoit, K. (2013). Who’s really attacking your ICS 3rd Intelligent Cybersecurity Conference (ICSC) (pp. 74-79).
equipment?. Trend Micro, 10. IEEE.
[62] Murillo, A. F., Cómbita, L. F., Gonzalez, A. C., Rueda, S., [79] Mohamed, T., Otsuka, T., & Ito, T. (2018). Towards machine
Cardenas, A. A., & Quijano, N. (2018, December). A virtual learning based IoT intrusion detection service. In Recent Trends
environment for industrial control systems: A nonlinear use-case in and Future Technology in Applied Intelligence: 31st International
attack detection, identification, and response. In Proceedings of the Conference on Industrial Engineering and Other Applications of
4th Annual Industrial Control System Security Workshop (pp. 25- Applied Intelligent Systems, IEA/AIE 2018, Montreal, QC,
32). Canada, June 25-28, 2018, Proceedings 31 (pp. 580-585).
[63] Bernieri, G., Conti, M., & Pascucci, F. (2019, October). Mimepot: Springer International Publishing.
a model-based honeypot for industrial control networks. In 2019 [80] Sellappan, D., & Srinivasan, R. (2020). Association rule-mining-
IEEE International conference on systems, man and cybernetics based intrusion detection system with entropy-based feature
(SMC) (pp. 433-438). IEEE. selection: Intrusion detection system. In Handbook of Research on
[64] Siniosoglou, I., Efstathopoulos, G., Pliatsios, D., Moscholios, I. D., Intelligent Data Processing and Information Security Systems (pp.
Sarigiannidis, A., Sakellari, G., ... & Sarigiannidis, P. (2020, July). 1-24). IGI Global.
NeuralPot: An industrial honeypot implementation based on deep [81] Ul Islam, R., Hossain, M. S., & Andersson, K. (2018). A novel
neural networks. In 2020 IEEE Symposium on Computers and anomaly detection algorithm for sensor data under uncertainty. Soft
Communications (ISCC) (pp. 1-7). IEEE. Computing, 22(5), 1623-1639.
[65] Kaur, R., Gabrijelčič, D., & Klobučar, T. (2023). Artificial [82] Diaba, S. Y., Anafo, T., Tetteh, L. A., Oyibo, M. A., Alola, A. A.,
intelligence for cybersecurity: Literature review and future Shafie-Khah, M., & Elmusrati, M. (2023). SCADA securing
research directions. Information Fusion, 101804. system using deep learning to prevent cyber infiltration. Neural
[66] Petrovic, N., & Jovanovic, A. (2023). Towards Resilient Cyber Networks, 165, 321-332.
Infrastructure: Optimizing Protection Strategies with AI and [83] Alimi, O. A., Ouahada, K., Abu-Mahfouz, A. M., Rimer, S., &
Machine Learning in Cybersecurity Paradigms. International Alimi, K. O. A. (2021). A review of research works on supervised
Journal of Information and Cybersecurity, 7(12), 44-60. learning algorithms for SCADA intrusion detection and
[67] Schmitt, M. (2023). Securing the Digital World: Protecting smart classification. Sustainability, 13(17), 9597.
infrastructures and digital industries with Artificial Intelligence [84] Abdullahi, M., Alhussian, H., Aziz, N., Abdulkadir, S. J., &
(AI)-enabled malware and intrusion detection. Journal of Baashar, Y. (2022, August). Deep Learning Model for
Industrial Information Integration, 36, 100520. Cybersecurity Attack Detection in Cyber-Physical Systems. In
[68] Neupane, S., Ables, J., Anderson, W., Mittal, S., Rahimi, S., 2022 6th International Conference On Computing,
Banicescu, I., & Seale, M. (2022). Explainable intrusion detection Communication, Control And Automation (ICCUBEA) (pp. 1-5).
systems (x-ids): A survey of current methods, challenges, and IEEE.
opportunities. IEEE Access, 10, 112392-112415. [85] Siniosoglou, I., Radoglou-Grammatikis, P., Efstathopoulos, G.,
[69] Iliyasu, A. S., Abdurrahman, U. A., & Zheng, L. (2022). Few-shot Fouliras, P., & Sarigiannidis, P. (2021). A unified deep learning
network intrusion detection using discriminative representation anomaly detection and classification approach for smart grid
learning with supervised autoencoder. Applied Sciences, 12(5), environments. IEEE Transactions on Network and Service
2351. Management, 18(2), 1137-1151.
[70] Al-Janabi, M., Ismail, M. A., & Ali, A. H. (2021). Intrusion [86] Rajesh, M., Vincent, R., Kathuria, S., Jamalpur, B., Durgam, T., &
Detection Systems, Issues, Challenges, and Needs. Int. J. Comput. Jaiswal, T. (2023, December). Design of Deep Learning Models
Intell. Syst., 14(1), 560-571. for the Identification of Harmful Attack Activities in the Industrial
[71] Taddeo, M., McCutcheon, T., & Floridi, L. (2019). Trusting Internet of Things (IIOT). In 2023 10th IEEE Uttar Pradesh
Section International Conference on Electrical, Electronics and
artificial intelligence in cybersecurity is a double-edged sword.
Computer Engineering (UPCON) (Vol. 10, pp. 1765-1771). IEEE.
Nature Machine Intelligence, 1(12), 557-560.
[72] Radoglou-Grammatikis, P. I., & Sarigiannidis, P. G. (2018, [87] Santoso, F., & Finn, A. (2023). Trusted Operations of a Military
October). An anomaly-based intrusion detection system for the Ground Robot in the Face of Man-in-the-Middle Cyber-Attacks
Using Deep Learning Convolutional Neural Networks: Real-Time
92 VOLK

Experimental Outcomes. IEEE Transactions on Dependable and [105] Wang, B. X., Chen, J. L., & Yu, C. L. (2022). An ai-powered
Secure Computing. network threat detection system. IEEE Access, 10, 54029-54037.
[88] Wang, W., Zhao, M., & Wang, J. (2019). Effective android [106] Memos, V. A., & Psannis, K. E. (2020, October). AI-powered
malware detection with a hybrid model based on deep autoencoder honeypots for enhanced IoT botnet detection. In 2020 3rd World
and convolutional neural network. Journal of Ambient Intelligence Symposium on Communication Engineering (WSCE) (pp. 64-68).
and Humanized Computing, 10, 3035-3043. IEEE.
[89] Yan, B., & Han, G. (2018). Effective feature extraction via stacked [107] Araujo, F., Ayoade, G., Al-Naami, K., Gao, Y., Hamlen, K. W.,
sparse autoencoder to improve intrusion detection system. IEEE & Khan, L. (2019, December). Improving intrusion detectors by
Access, 6, 41238-41248. crook-sourcing. In Proceedings of the 35th Annual Computer
[90] Wei, P., Li, Y., Zhang, Z., Hu, T., Li, Z., & Liu, D. (2019). An Security Applications Conference (pp. 245-256).
optimization method for intrusion detection classification model [108] Schaul, T., Bayer, J., Wierstra, D., Sun, Y., Felder, M., Sehnke,
based on deep belief network. IEEE Access, 7, 87593-87605. F., ... & Schmidhuber, J. (2010). PyBrain. Journal of Machine
[91] Rathore, S., & Park, J. H. (2018). Semi-supervised learning based Learning Research, 11, 743-746.
distributed attack detection framework for IoT. Applied Soft [109] Pauna, A., & Bica, I. (2014, May). RASSH-Reinforced adaptive
Computing, 72, 79-89. SSH honeypot. In 2014 10th International Conference on
[92] Zhang, Y., Wang, J., & Chen, B. (2020). Detecting false data Communications (COMM) (pp. 1-6). IEEE.
injection attacks in smart grids: A semi-supervised deep learning [110] Karuna, P., Purohit, H., Jajodia, S., Ganesan, R., & Uzuner, O.
approach. IEEE Transactions on Smart Grid, 12(1), 623-634. (2020). Fake document generation for cyber deception by
[93] Kurt, M. N., Ogundijo, O., Li, C., & Wang, X. (2018). Online manipulating text comprehensibility. IEEE Systems Journal, 15(1),
cyber-attack detection in smart grid: A reinforcement learning 835-845.
approach. IEEE Transactions on Smart Grid, 10(5), 5174-5185. [111] Ansari, M. S., Bartoš, V., & Lee, B. (2022). GRU-based deep
[94] Oh, M. H., & Iyengar, G. (2019, July). Sequential anomaly learning approach for network intrusion alert prediction. Future
detection using inverse reinforcement learning. In Proceedings of Generation Computer Systems, 128, 235-247.
the 25th ACM SIGKDD International Conference on Knowledge [112] Al Najada, H., Mahgoub, I., & Mohammed, I. (2018, November).
Discovery & data mining (pp. 1480-1490). Cyber intrusion prediction and taxonomy system using deep
[95] Constantinides, C., Shiaeles, S., Ghita, B., & Kolokotronis, N. learning and distributed big data processing. In 2018 IEEE
(2019, June). A novel online incremental learning intrusion symposium series on computational intelligence (SSCI) (pp. 631-
prevention system. In 2019 10th IFIP International Conference on 638). IEEE.
New Technologies, Mobility and Security (NTMS) (pp. 1-6). IEEE. [113] Rhode, M., Burnap, P., & Jones, K. (2018). Early-stage malware
[96] Panfili, M., Giuseppi, A., Fiaschetti, A., Al-Jibreen, H. B., prediction using recurrent neural networks. Computers & security,
Pietrabissa, A., & Priscoli, F. D. (2018, June). A game-theoretical 77, 578-594.
approach to cyber-security of critical infrastructures based on [114] Radoglou-Grammatikis, P., Sarigiannidis, P., Iturbe, E., Rios, E.,
multi-agent reinforcement learning. In 2018 26th Mediterranean Martinez, S., Sarigiannidis, A., ... & Ramos, F. (2021). Spear siem:
Conference on Control and Automation (MED) (pp. 460-465). A security information and event management system for the smart
IEEE. grid. Computer Networks, 193, 108008.
[97] DeCastro‐García, N., Muñoz Castañeda, Á. L., & Fernández‐ [115] Zhang, F., Kodituwakku, H. A. D. E., Hines, J. W., & Coble, J.
Rodríguez, M. (2020). Machine learning for automatic assignment (2019). Multilayer data-driven cyber-attack detection system for
of the severity of cybersecurity events. Computational and industrial control systems based on network, system, and process
Mathematical Methods, 2(1), e1072. data. IEEE Transactions on Industrial Informatics, 15(7), 4362-
[98] Manganiello, F., Marchetti, M., & Colajanni, M. (2011). Multistep 4369.
attack detection and alert correlation in intrusion detection systems. [116] Fatani, A., Abd Elaziz, M., Dahou, A., Al-Qaness, M. A., & Lu,
In Information Security and Assurance: International Conference, S. (2021). IoT intrusion detection system using deep learning and
ISA 2011, Brno, Czech Republic, August 15-17, 2011. Proceedings enhanced transient search optimization. IEEE Access, 9, 123448-
(pp. 101-110). Springer Berlin Heidelberg. 123464.
[99] Dey, A., Totel, E., & Navers, S. (2021). Heterogeneous security [117] Medjek, F., Tandjaoui, D., Djedjig, N., & Romdhani, I. (2021).
events prioritization using auto-encoders. In Risks and Security of Fault-tolerant AI-driven intrusion detection system for the internet
Internet and Systems: 15th International Conference, CRiSIS 2020, of things. International Journal of Critical Infrastructure
Paris, France, November 4–6, 2020, Revised Selected Papers 15 Protection, 34, 100436.
(pp. 164-180). Springer International Publishing. [118] Shukla, K. A., Ahamad, S., Rao, G. N., Al-Asadi, A. J., Gupta,
[100] Obaidat, M., Brown, J., & Alnusair, A. (2021, May). Blind attack A., & Kumbhkar, M. (2021, December). Artificial intelligence
flaws in adaptive honeypot strategies. In 2021 IEEE World AI IoT assisted IoT data intrusion detection. In 2021 4th International
Congress (AIIoT) (pp. 0491-0496). IEEE. Conference on Computing and Communications Technologies
[101] Lopez–Yepez, J. S., & Fagette, A. (2022, December). Increasing (ICCCT) (pp. 330-335). IEEE.
attacker engagement on SSH honeypots using semantic [119] European Union Agency for Cybersecurity, Malatras, A., Dede,
embeddings of cyber-attack patterns and deep reinforcement G. (2020). AI cybersecurity challenges : threat landscape for
learning. In 2022 IEEE Symposium Series on Computational artificial intelligence, European Network and Information Security
Intelligence (SSCI) (pp. 389-395). IEEE. Agency. https://data.europa.eu/doi/10.2824/238222.
[102] Pauna, A., Iacob, A. C., & Bica, I. (2018, June). Qrassh-a self- [120] Vitorino, J., Oliveira, N., & Praça, I. (2022). Adaptative
adaptive ssh honeypot driven by q-learning. In 2018 international perturbation patterns: Realistic adversarial learning for robust
conference on communications (COMM) (pp. 441-446). IEEE. intrusion detection. Future Internet, 14(4), 108.
[103] Dowling, S., Schukat, M., & Barrett, E. (2019). Using [121] Jagielski, M., Oprea, A., Biggio, B., Liu, C., Nita-Rotaru, C., &
reinforcement learning to conceal honeypot functionality. In Li, B. (2018, May). Manipulating machine learning: Poisoning
Machine Learning and Knowledge Discovery in Databases: attacks and countermeasures for regression learning. In 2018 IEEE
European Conference, ECML PKDD 2018, Dublin, Ireland, symposium on security and privacy (SP) (pp. 19-35). IEEE.
September 10–14, 2018, Proceedings, Part III 18 (pp. 341-355). [122] Zhong, H., Liao, C., Squicciarini, A. C., Zhu, S., & Miller, D.
Springer International Publishing. (2020, March). Backdoor embedding in convolutional neural
[104] Vishwakarma, R., & Jain, A. K. (2019, April). A honeypot with network models via invisible perturbation. In Proceedings of the
machine learning based detection framework for defending IoT Tenth ACM Conference on Data and Application Security and
based botnet DDoS attacks. In 2019 3rd International Conference Privacy (pp. 97-108).
on Trends in Electronics and Informatics (ICOEI) (pp. 1019-1024).
IEEE.
93 SAFER FUTURE: LEVERAGING THE POWER OF AI TO IMPROVE CYBERSECURITY IN CRITICAL INFRASTRUCTURES

[123] Vos, D., & Verwer, S. (2021, July). Efficient training of robust [138] KDD Cup 1999 Data. (1999, October 28). LINCOLN
decision trees against adversarial examples. In International LABORATORY, MASSACHUSETTS INSTITUTE OF
Conference on Machine Learning (pp. 10586-10595). PMLR. TECHNOLOGY. Retrieved April 8, 2024, from
[124] Martins, N., Cruz, J. M., Cruz, T., & Abreu, P. H. (2020). http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html.
Adversarial machine learning applied to intrusion and malware [139] Tavallaee, M., Bagheri, E., Lu, W., & Ghorbani, A. A. (2009,
scenarios: a systematic review. IEEE Access, 8, 35403-35419. July). A detailed analysis of the KDD CUP 99 data set. In 2009
[125] ISO/IEC TR 24029-1:202, Artificial Intelligence (AI) — IEEE symposium on computational intelligence for security and
Assessment of the robustness of neural networks (2021, March). In defense applications (pp. 1-6). IEEE.
ISO (SO/IEC TR 24029-1:2021) Retrieved March 31, 2024, from [140] Intrusion detection evaluation dataset (CIC-IDS2017). (n.d.).
https://www.iso.org/standard/77609.html. University of New Brunswick. Retrieved April 8, 2024, from
[126] Artificial intelligence Functional safety and AI systems. (2024, https://www.unb.ca/cic/datasets/ids-2017.
January). In ISO (ISO/IEC TR 5469:2024). Retrieved March 31, [141] The CAIDA “DDoS Attack 2007” Dataset. (n.d.). CAIDA.
2024, from https://www.iso.org/standard/81283.html Retrieved April 8, 2024, from
[127] OECD. (2019, May 22). Recommendation of the Council on http://www.caida.org/data/passive/ddos-20070804-
Artificial Intelligence. In OECD Legal dataset.xml/https://www.caida.org/catalog/datasets/ddos-
Instruments (OECD/LEGAL/0449). Retrieved March 31, 2024, 20070804_dataset/.
from https://legalinstruments.oecd.org/en/instruments/OECD- [142] ISCX datasets, 2009-2016. (n.d.). Univeristy of New Brunswick.
LEGAL-0449 Retrieved April 8, 2024, from
[128] UNESCO. (2022). Recommendation on the Ethics of Artificial http://www.unb.ca/cic/datasets/index.html.
Intelligence. In UNESCO (SHS/BIO/PI/2021/1). Retrieved March [143] SPECIAL DATASET CTU-13. (n.d.). Stratosphere Lab. Retrieved
31, 2024, from April 8, 2024, from https://stratosphereips.org/category/datasets-
https://unesdoc.unesco.org/ark:/48223/pf0000381137 ctu13.
[129] Regulation (EU) 2019/881 of the European Parliament and of the [144] Moustafa, N., & Slay, J. (2015, November). UNSW-NB15: a
Council of 17 April 2019 on ENISA (the European Union Agency comprehensive data set for network intrusion detection systems
for Cybersecurity) and on information and communications (UNSW-NB15 network data set). In 2015 military communications
technology cybersecurity certification and repealing Regulation and information systems conference (MilCIS) (pp. 1-6). IEEE.
(EU) No 526/2013 (Cybersecurity Act). (2019, June 7). In EUR- [145] DDoS evaluation dataset (CIC-DDoS2019). (n.d.). University of
Lex (PE/86/2018/REV/1). Retrieved March 30, 2024, from New Brunswick. Retrieved April 11, 2024, from
https://eur-lex.europa.eu/eli/reg/2019/881/oj. https://www.unb.ca/cic/datasets/ddos-2019.html
[130] AI Act. (n.d.). European Commission. Retrieved March 31, 2024, [146] The UNSW-NB15 Dataset. (n.d.). UNSW Sidney. Retrieved
from https://digital-strategy.ec.europa.eu/en/policies/regulatory- April 8, 2024, from https://research.unsw.edu.au/projects/unsw-
framework- nb15-dataset.
ai#:~:text=The%20AI%20Act%20is%20the%20first%2Dever%2 [147] CSE-CIC-IDS2018 on AWS. (n.d.). University of New
0comprehensive%20legal%20framework,powerful%20and%20i Brunswick. Retrieved April 8, 2024, from
mpactful%20AI%20models https://www.unb.ca/cic/datasets/ids-2018.html.
[131] Erokhin, S. D., & Zhuravlev, A. P. (2020, July). A Comparative [148] WUSTL-IIOT-2018 Dataset for ICS (SCADA) Cybersecurity
Analysis of Public Cyber Security Datasets. In 2020 Systems of Research. (n.d.). Washington University in St. Louis. Retrieved
Signal Synchronization, Generating and Processing in April 8, 2024, from
Telecommunications (SYNCHROINFO) (pp. 1-7). IEEE. https://www.cse.wustl.edu/~jain/iiot/index.html.
[132] Kastelic. (2021, April 6). International Cooperation to Mitigate [149] ADFA IDS Datasets. (n.d.). UNSW Sidney. Retrieved April 8,
Cyber Operations against Critical Infrastructure: Normative 2024, from https://research.unsw.edu.au/projects/adfa-ids-
Expectations and Emerging Good Practices. In United Nations datasets.
Institute for Disarmament Research (UNIDIR). Retrieved April 12, [150] The Bot-IoT Dataset. (n.d.). UNSW Sidney. Retrieved April 8,
2024, from https://unidir.org/wp- 2024, from https://research.unsw.edu.au/projects/bot-iot-dataset.
content/uploads/2023/05/International-Cooperation-to-Mitigate-
[151] Garcia, Parmisano, & Jose Erquiaga. (2020, January 20). IoT-23:
Cyber-Operations-against-Critical-Infrastructure-April-2021.pdf. A labeled dataset with malicious and benign IoT network traffic.
[133] Reeder, F., Pomales, C., Kotras, D., & Lockett, J. (2023). Zenodo. Retrieved April 8, 2024, from
Enabling the Department of Defense's Future to Test and Evaluate https://zenodo.org/records/4743746.
Artificial Intelligence Enabled Systems. IEEE Instrumentation &
[152] Zhang, K., Xu, S., & Shin, B. (2023, October). Towards Adaptive
Measurement Magazine, 26(5), 31-38. Zero Trust Model for Secure AI. In 2023 IEEE Conference on
[134] Exploring Synthetic Data for Artificial Intelligence and Communications and Network Security (CNS) (pp. 1-2). IEEE.
Autonomous Systems: A Primer. (2023). In United Nations [153] Bak, M., Madai, V. I., Fritzsche, M. C., Mayrhofer, M. T., &
Institute for Disarmament Research (UNIDIR) . Retrieved March
McLennan, S. (2022). You can’t have ai both ways: Balancing
31, 2024, from https://unidir.org/wp- health data privacy and access fairly. Frontiers in Genetics, 13,
content/uploads/2023/11/UNIDIR_Exploring_Synthetic_Data_for 929453.
_Artificial_Intelligence_and_Autonomous_Systems_A_Primer.pd
[154] Vassilev, A., Oprea, A., Fordyce, A., & Anderson, H.
f.
(2024). Adversarial machine learning: A taxonomy and
[135] Yan, J., Lee, E. J., Conover, D., & Kwon, H. (2020). Synthetic terminology of attacks and mitigations (No. NIST Artificial
dataset generation and adaptation for human detection (p. 0030). Intelligence (AI) 100-2 E2023). National Institute of Standards and
Tech. Rep. ARL-TR-9112, US Army Research Laboratory. Technology.
[136] Michel, A. H. (2021). Known unknowns: Data Issues and
[155] Eykholt, K., Evtimov, I., Fernandes, E., Li, B., Rahmati, A.,
military autonomous systems. In UNIDIR (SecTec/21/AI1). United Xiao, C., ... & Song, D. (2020). Robust physical-world attacks on
Nations Institute for Disarmament Research (UNIDIR). Retrieved deep learning visual classification.
April 17, 2024, from https://unidir.org/wp-
[156] Jing, P., Tang, Q., Du, Y., Xue, L., Luo, X., Wang, T., ... & Wu,
content/uploads/2023/05/Holland_KnownUnknowns_20210517_
S. (2021). Too good to be safe: Tricking lane detection in
0.pdf.
autonomous driving with crafted perturbations. In 30th USENIX
[137] 1998 DARPA Intrusion Detection Evaluation Dataset. (n.d.). Security Symposium (USENIX Security 21) (pp. 3237-3254).
LINCOLN LABORATORY, MASSACHUSETTS INSTITUTE
[157] Calvo, A., Ortiz, N., Espinosa, A., Dimitrievikj, A., Oliva, I.,
OF TECHNOLOGY. Retrieved April 8, 2024, from
Guijarro, J., & Sidiqqi, S. (2023, June). Safe AI: Ensuring Safe and
https://www.ll.mit.edu/r-d/datasets/1998-darpa-intrusion-
Responsible Artificial Intelligence. In 2023 JNIC Cybersecurity
detection-evaluation-dataset.
Conference (JNIC) (pp. 1-4). IEEE.
94 VOLK

[158] ATLAS Matrix. (n.d.). MITRE ATLAS. Retrieved April 12, 2024,
from https://atlas.mitre.org/matrices/ATLAS.
[159] Joint Cybersecurity Information: Deploying AI Systems
Securely. (2024, April). In U.S. Department of
Defense (U/OO/143395-24 | PP-24-1538 | April 2024 Ver. 1.0).
Retrieved April 21, 2024, from
https://media.defense.gov/2024/Apr/15/2003439257/-1/-1/0/CSI-
DEPLOYING-AI-SYSTEMS-SECURELY.PDF.
[160] National Security Agency & Cybersecurity & Infrastructure
Security Agency. (2020, July). Cybersecurity Advisory: NSA and
CISA Recommend Immediate Actions to Reduce Exposure Across
all Operational Technologies and Control systems. In U.S.
Department of Defense (U/OO/154383-20 | PP-20-0622).
Retrieved April 22, 2024, from
https://media.defense.gov/2020/Jul/23/2002462846/-1/-
1/0/OT_ADVISORY-DUAL-OFFICIAL-20200722.PDF
[161] Engaging with Artificial Intelligence (AI). (2023). In U.S.
Department of Defense. Retrieved April 22, 2024, from
https://media.defense.gov/2024/Jan/23/2003380135/-1/-1/0/CSI-
ENGAGING-WITH-ARTIFICIAL-INTELLIGENCE.PDF.

Mojca Volk received her Ph.D. degree in telecommunications

from the University of Ljubljana, Slovenia, in 2010. She is with
the Laboratory for telecommunications at the Faculty of
Electrical Engineering, University of Ljubljana, holding the
role of Scientific Associate and habilitated Assistant Professor.
Her main areas of work entail R&D and innovative
infrastructure and business model development and prototyping
in communication networks, services and applications, with a
specific focus on wireless communications, 5G/6G
technologies and cybersecurity in different verticals, including
critical infrastructure, defence and military, energy systems,
digital health and public protection and disaster relief. She has
been involved in numerous national and international R&D
projects in her fields of interest. Her recent work includes
scientific research and managerial roles in research projects
from the EDA, EDF and ARIS research programmes on the
topic of cybersecurity, green energy and public safety. Her
pedagogical activities currently comprise courses on innovation
and entrepreneurship on the undergraduate university level and
applied study programmes at the Faculty of Mechanical
Engineering, University of Ljubljana, and mentorships at the
MSc and PhD study programmes at the Faculty of Electrical
Engineering, University of Ljubljana. She is a member of the
Scientific and research council for interdisciplinary sciences at
the Slovenian Research and Innovation Agency (ARIS), the
technical council on Artificial Intelligence at the Slovenian
Standardisation Institute (SIST/TC), and the IEEE society.