Enhancing ICS Cybersecurity with AI and ML: A Conversation with Cybersecurity Researcher Alireza Dehlaghi Ghadim
Alireza Dehlaghi Ghadim is an Industrial Control Systems (ICS) cybersecurity researcher at RISE who utilises AI and ML for Intrusion Detection Systems. He is also an industrial PhD student at the IndTech graduate school of Mälardalen University. The dual roles and unique PhD educational model enable him to deepen his research on improving the detection of cyberattacks in ICS with advanced intrusion detection techniques, particularly by leveraging new machine learning methods, for both academia and industry.
Dehlaghi highlights the unique challenges of conducting experiments in ICS cybersecurity due to the critical nature of operational systems. One significant contribution of his research is the development of a comprehensive testbed called ICSSIM, which provides a suitable platform for experimentation and validating cybersecurity solutions. The testbed is free and open-source, making it accessible for research purposes.
Temporal analysis is crucial in Dehlaghi’s work. He emphasizes the importance of considering the temporal relationships between events for effective intrusion detection, as relying solely on the current state of a control system can lead to inaccuracies. He explores the use of sequence-based ML models to enhance detection capabilities.
Dehlaghi’s motivation for pursuing this field of study stems from his previous experience as a software designer and developer in the control automation industry. The Stuxnet attack on Iranian nuclear facilities heightened his concerns about system security and vulnerabilities. This background prompted him to seek opportunities to delve deeper into ICS security.
AI and ML techniques for Intrusion Detection Systems (IDSs) in ICS play a vital role in his research. He highlights the importance of simulating cyberattacks on testbeds to analyze the effectiveness of these methods. His research also contributed to the development of a publicly available dataset that the scientific community can use to further study and enhance ML-based IDSs in the context of ICS cybersecurity.
Dehlaghi describes a framework he proposes for creating virtual testbeds that simulate real-world operational ICS. This framework is adaptable to various platforms and enables the simulation of different attack scenarios, allowing for the validation of intrusion detection algorithms and the study of their effectiveness.
Regarding steps to prioritize ICS security and mitigate cyber threats, Dehlaghi emphasizes risk assessment, access control, securing protocols, and network segmentation as crucial measures. He also highlights the role of intrusion detection systems in promptly detecting and responding to attacks.
“We need to employ the use of technology, particularly AI and ML, to enhance security in ICS”
Looking ahead, Dehlaghi talks about potential future research directions, including the impact of emerging technologies like quantum computing on security. He sees a need to employ technology, particularly AI and ML, to enhance security in ICS.
It is challenging to balance academic research and industrial work as an industrial PhD student, but Dehlaghi highlights the benefits of dual affiliations, including access to knowledge and networks from both academia and industry.
Finally, Dehlaghi shares his strategies for maintaining a work-life balance, acknowledging the flexibility and demands of PhD research. He recognizes the importance of personal interests and hobbies, such as playing badminton, chess, and online games, and of spending time with a supportive partner who encourages breaks and relaxation.
Interviewed and written by Alba Torrado
RISE is a state-owned research institute collaborating with academia, industry and society as a central part of the Swedish innovation system.