Title: Achieving Security and Reliability of Industrial Control Systems Using Data-Driven Models Informed by Physical Domain Knowledge
Matthew Landen
Ph.D. Candidate in Computer Science
School of Cybersecurity and Privacy
Georgia Institute of Technology
Date/Time: Thursday, June 13, 2024, 1:00 – 2:30 pm, Eastern time
Location: Coda C0908 Home Park
Zoom Link: https://gatech.zoom.us/j/96649952965?pwd=zemcqj4Enn1W1IUHyCRLmKsz0uDlCB.1
Committee:
Dr. Wenke Lee (advisor), School of Cybersecurity and Privacy, Georgia Institute of Technology
Dr. Mustaque Ahamad, School of Cybersecurity and Privacy, Georgia Institute of Technology
Dr. Saman Zonouz, School of Cybersecurity and Privacy, Georgia Institute of Technology
Dr. Paul Pearce, School of Cybersecurity and Privacy, Georgia Institute of Technology
Dr. Jean-Paul Watson, Lawrance Livermore National Laboratory
Abstract:
Industrial control systems (ICS) are responsible for controlling and monitoring critical infrastructure such as power grids, which are critical for national security and public health. Modern ICS are comprised of interconnected information technology and operational technology systems that monitor and control physical processes. Although this increased connectivity provides operators with enhanced monitoring and control capabilities, it also increases the cyber threat surface. Cyberattacks on ICS commonly begin by infiltrating either the supervisory control and data acquisition (SCADA) systems or programmable logic controllers (PLCs) and disrupting process activity. To cause these disruptions, attacks inject malicious commands or falsify sensor data to cause the physical process to deviate away from reliable states. The longer these attacks remain in the system, the more damage they are able to cause to the physical process. To address cyberattacks on ICS, it is critical to detect such attacks quickly and precisely to minimize the amount of damage they cause. It is also necessary to maintain reliable operations during the attack in order for the system to continue functioning properly despite the attack.
To address the challenges discussed above, this thesis presents a framework that utilizes structured domain knowledge about the physical process underlying the ICS to inform data-driven models that detect attacks on ICS and maintain reliable operations. In this thesis, we first present Dragon, which applies this framework to the security and reliability of power grids. Dragon aims to maintain reliable power operations while also detecting cyberattacks on the grid by training deep reinforcement learning agents. To train these agents, we designed reward functions that are based on heuristics of the physical properties of the grid. In an evaluation with independent attacks, Dragon was able to accurately detect attacks and maintain reliable power grid operations for longer than a state-of-the-art autonomous grid operator. The second work of this thesis, Pi-Localize, uses the physics of the power grid to increase the interpretability of attack alerts by localizing attacks to a subset of the grid while adapting to different grid topologies. Specifically, Pi-Localize uses a physics-informed graph neural network, trained using a custom loss function defined by the power flow model in addition to training data, to quickly localize attacks and adapt to different topologies. By embedding knowledge of the physics of the grid, the resulting data-driven model is able to transfer knowledge about attack to unfamiliar grid topologies without the need to retrain the model. These two systems demonstrate that infusing physical domain knowledge into data-driven solutions can improve their ability to maintain reliable operations and detect attacks on ICS in an interpretable manner.