The degree of sophistication of modern cyber-attacks has increased in recent years, and in the future these attacks will more and more target cyber-physical systems (CPS). Unfortunately, today’s security solutions that are used for enterprise information technology (IT) infrastructures are not sufficient to protect CPS, which have largely different properties, involve heterogeneous technologies, and have an architecture that is tailored to specific physical processes. The objective of the synERGY project was to develop new methods, tools and processes for cross-layer anomaly detection (AD) to enable the early discovery of both cyber- and physical-attacks with impact on CPS. To this end, synERGY developed novel machine learning approaches to understand a system’s normal behaviour and detect consequences of security issues as deviations from the norm. The solution proposed by synERGY are flexibly adaptable to specific CPS layers, thus improving the detection capabilities. Moreover, synERGY interfaces with various organizational data sources, such as asset databases, configuration management, and risk data to facilitate the semi-automatic interpretation of detected anomalies. The synERGY approach was evaluated in a utility provider’s environment. This paper reports on the general architecture and the specific pitfalls that needed to be solved, during the design, implementation and deployment of the synERGY system. We foresee this work to be of benefit for researchers and practitioners, who design and implement security systems that correlate massive data from computer logs, the network or organizational context sources, to timely detect cyber attacks.

近年来，现代网络攻击的复杂程度有所提高，将来，这些攻击将越来越多地针对网络物理系统（CPS）。不幸的是，当今用于企业信息技术（IT）基础结构的安全解决方案不足以保护CPS，CPS具有很大的不同特性，涉及异构技术，并且具有适合特定物理过程的体系结构。synERGY项目的目的是开发跨层异常检测（AD）的新方法，工具和过程，以尽早发现对CPS有影响的网络攻击和物理攻击。为此，synERGY开发了新颖的机器学习方法，以了解系统的正常行为并检测由于违反规范而导致的安全问题的后果。synERGY提出的解决方案可以灵活地适应特定的CPS层，从而提高了检测能力。此外，synERGY与各种组织数据源（例如资产数据库，配置管理和风险数据）相连接，以促进对检测到的异常现象进行半自动解释。在公用事业提供商的环境中对synERGY方法进行了评估。本文报告了在synERGY系统的设计，实施和部署过程中需要解决的一般体系结构和特定陷阱。我们预见这项工作将对研究人员和从业人员有所帮助，