Causal Reasoning for Real-Time Attack Identification in Cyber-Physical Systems
Objective
We propose to develop computationally efficient machine learning algorithms and tools for attack detection and identification based on a novel, scalable representation of the physical system state, the communication protocol state and the IT infrastructure’s security state maintained based on noisy observations and measurements from the physical and the IT infrastructure. The key contribution is to learn a succinct representation of the security state of the IT infrastructure that allows computationally efficient belief updates in real-time and enables jointly accounting for the evolution of the state of the physical system, communication protocols, and infrastructure for accurate detection of attacks and identification through causal reasoning based on learnt dependency models.
The research will help address questions such as achieving real-time situational awareness in complex IT infrastructures, developing anomaly detectors with low false positive and false negative rates, and using information about IT infrastructure to improve attack identification. The project leverages the expertise of three research teams from KTH, UIUC, and MIT, with extensive expertise in cyber-physical systems security, smart grids, and anomaly detection.
Background
Modern SCADA systems rely on IP-based communication protocols that are primarily event-driven and follow a publish-subscribe model. The timing and content of protocol messages emerge from interactions between the physical system state and the protocol’s internal state – as an effect, traditional approaches to anomaly detection result in excessive false positives and, ultimately, alarm fatigue.
Crossdisciplinary collaboration
The project is a collaboration between the KTH Royal Institute of Technology, the University of Illinois at Urbana-Champaign and MIT.
Watch the recorded presentation at the Digitalize in Stockholm 2023 event:
Contacts
György Dán
Professor, Division of Network and Systems Engineering at KTH, Member of the Strategic Research Committee, Chair working group Cooperate, PI of research project Susan’s Ride on Campus2030, PI of research project Causal reasoning for real-time attack identification in cyber-physical systems, Co-PI of demo project CAVeaT Connected Automated Vehicles trialling and Trustworthiness, Co-PI of research project Learning in Routing Games for Sustainable Electromobility, Digital Futures Faculty
+46 8 790 42 53gyuri@kth.se
Henrik Sandberg
Professor, Division of Decision and Control Systems at KTH EECS, Member of the Strategic Research Committee, Chair Working group Trust, PI of research project Learning in Routing Games for Sustainable Electromobility (RoSE), Co-PI of research project Causal Reasoning for Real-Time Attack Identification in Cyber-Physical Systems, Co-PI of research project Decision-making in Critical Societal Infrastructures (DEMOCRITUS), Digital Futures Faculty
+46 8 790 72 94hsan@kth.se
Saurabh Amin
Associate Professor, Civil and Environmental Engineering Massachusetts Institute of Technology
amins@mit.eduKlara Nahrstedt
Grainger Distinguished Chair in Engineering, University of Illinois at Urbana-Champaign
klara@illinois.edu