The main technical research goal of synERGY is to develop a novel anomaly detection system – based on cross-layer monitoring from embedded field devices to enterprise IT – which can be applied to several CPS in value networks of various organisations operating in different application domains. This means that synERGY will offer the ability to be adapted to specific CPS environments predefined by the combination of ICT infrastructure and physical/industrial processes of an organisation – self-learning anomaly detection using evolving system models. synERGY will have the capability to detect a priori unspecified errors, anomalies and misuse (for which no predefined signatures exist), e.g., potential consequences of security incidents, with more accuracy than existing products (see Table 1). Furthermore, synERGY will support the analysis and interpretation of detected anomalies using end-user specific organisational context, information from existing security mechanisms, such as firewalls, antivirus programs, IDSs, etc. and open/external information about threat intelligence, provided by mailinglists, vulnerability databases and online platforms – contextualization of anomalies for specific organisations. This is vital to assess a given security situation quicker and enable organisations to deploy counter measures earlier than with today’s solutions. A detailed overview of the synERGY scope and project structure (work packages) is depicted in Figure 1.
