Title: Achieving Security and Reliability of Industrial Control Systems Using Data-Driven Models Informed by Physical Domain Knowledge 

Date: Thursday, August 17th, 2023

Time: 12:00 PM -- 1:00 PM EDT

Location: CODA C0903 Ansley

Zoom: Click here

Commitee:

Dr. Wenke Lee (advisor), School of Cybersecurity and Privacy, Georgia Institute of Technology

Dr. Mustaque Ahamad, School of Cybersecurity and Privacy, Georgia Institute of Technology

Dr. Saman Zonouz, School of Cybersecurity and Privacy, Georgia Institute of Technology

Dr. Paul Pearce, School of Cybersecurity and Privacy, Georgia Institute of Technology

Dr. Jean-Paul Watson, Lawrance Livermore National Laboratory 

Abstract:

Industrial control systems (ICS) are responsible for controlling and monitoring critical infrastructure such as power grids and water treatment plants, which are critical for national security and public health. Modern ICS are comprised of interconnected information technology and operational technology systems that monitor and control physical processes. Although this increased connectivity provides operators with enhanced monitoring and control capabilities, it also increases the cyber threat surface. Cyberattacks on ICS commonly begin by infiltrating either the supervisory control and data acquisition (SCADA) systems or programmable logic controllers (PLCs) and disrupting process activity. To cause these disruptions, attacks inject malicious commands or falsify sensor data to cause the physical process to deviate away from reliable states. The longer these attacks remain in the system, the more damage they are able to cause to the physical process. To address cyberattacks on ICS, it is critical to detect such attacks quickly to minimize the amount of damage they cause and maintain reliable operations during the attack in order for the system to continue functioning properly despite the attack.

To address the challenges discussed above, I propose a framework that utilizes structured domain knowledge about the physical process underlying the ICS to inform data-driven models that detect attacks on ICS and maintain reliable operations. In this thesis, I first present Dragon, which applies this framework to the security and reliability of power grids.

Dragon aims to maintain reliable power operations while also detecting cyberattacks on the grid by training deep reinforcement learning agents. To train these agents, I designed reward functions that are based on heuristics of the physical properties of the grid. In an evaluation with independent attacks, Dragon was able to accurately detect attacks and maintain reliable power grid operations for longer than a state-of-the-art autonomous grid operator. Next, I propose a system that detects ICS attacks by training anomaly detection models using both normal system data and mathematical equations describing the physical dynamics of the ICS. Although it is infeasible to generate a complete profile of normal system behavior, leading to false positives, this system proposes to supplement an incomplete normal profile with physical equations. The system operates by translating each physical equation into a neural network loss function that is trained on normal system data to produce a strongly regularized normal profile.