AI-enabled Cybersecurity Framework for Industrial Control Systems
Date
2022-12-14
Abstract
Industrial Control Systems (ICSs), one type of Operational Technology (OT), play an essential role in monitoring and controlling critical infrastructure such as power plants, smart grids, oil and gas industries, and transportation. To protect ICSs from cyber-attacks, they were placed on isolated communication networks, which were relatively obscure and unknown to most attackers. Integrating the Internet of Things (IoT) into ICSs allows remote monitoring, access, and control of critical infrastructure, leading to more agile and efficient systems, but it also increases the vulnerability of these systems to cyber-attacks. Because of the role ICSs play in critical infrastructure, a compromise may lead to severe danger to human life or the environment. Moreover, the growing number of cyber-attacks against ICSs in recent years raises significant concern about the need for proper and timely security solutions for these systems. In addition, due to the differences between IT and OT networks, IT cyber-security solutions are unsuitable for ICSs. These differences include network protocols, performance metrics, and asset characteristics. In IT networks the main focus is on throughput management of the network, while OT focuses on reliability and punctuality. In this thesis, an AI-enabled framework will be proposed to secure ICS networks and reduce the risk of harmful effects on human lives and the environment. The proposed framework includes cyber-attack detection, cyber-attack localization, cyber-threat hunting, cyber-attack projection, and cyber-attack attribution components. Furthermore, the proposed methods for these components will focus on the challenges of using machine learning techniques in ICS cybersecurity, such as imbalanced data and data privacy when training models in the cloud.
An ensemble of two unsupervised deep neural networks with a decision tree classifier will be proposed for the cyber-attack detection component. Furthermore, a federated learning-based technique will be proposed for the cyber-threat hunting component, to build a powerful hunting component based on data from several ICSs in a privacy-preserving manner and without sharing the data. Moreover, attack projection will be modeled using a combination of deep reinforcement learning and deep neural networks. Finally, an ensemble of several deep neural networks will be proposed for attack attribution. These components build a more secure infrastructure by detecting incoming attacks early, hunting threats that evaded detection, determining the attack trajectory, and analyzing their impact.
Keywords
Industrial control systems (ICS), cybersecurity, machine learning, cyber-attack detection, deep learning, representation learning, reinforcement learning, federated learning, cyber-attack projection, cyber-threat hunting, cyber-attack attribution
Citation
Namavar Jahromi, A. (2022). AI-enabled cybersecurity framework for industrial control systems (Doctoral thesis, University of Calgary, Calgary, Canada). Retrieved from https://prism.ucalgary.ca.