Karimipour, Hadis; Dehghantanha, Ali; Namavar Jahromi, Amir

2022-12-19; 2022-12-19; 2022-12-14

Namavar Jahromi, A. (2022). AI-enabled cybersecurity framework for industrial control systems (Doctoral thesis, University of Calgary, Calgary, Canada). Retrieved from https://prism.ucalgary.ca.

http://hdl.handle.net/1880/115600

Industrial Control Systems (ICS), one type of Operational Technology (OT), play an essential role in monitoring and controlling critical infrastructures such as power plants, smart grids, oil and gas industries, and transportation. To protect ICSs from cyber-attacks, they were placed on isolated communication networks, which were relatively obscure and unknown to most attackers. Integrating the Internet of Things (IoT) into ICSs allows remote monitoring, access, and control of critical infrastructure, leading to more agile and efficient systems, but it also increases the vulnerability of these systems to cyber-attacks. Because of the role ICSs play in critical infrastructures, a compromise of the system may lead to severe danger to human life or the environment. Moreover, the growing number of cyber-attacks against ICSs in recent years raises significant concern about proper and timely security solutions for these systems. In addition, due to the differences between IT and OT networks, IT cyber-security solutions are unsuitable for ICSs. These differences include network protocols, performance metrics, and asset characteristics. Furthermore, in IT networks the main focus is on managing network throughput, while OT focuses on reliability and punctuality. In this thesis, an AI-enabled framework will be proposed to secure ICS networks and reduce the risk of harmful effects on human lives and the environment. The proposed framework includes cyber-attack detection, cyber-attack localization, cyber-threat hunting, cyber-attack projection, and cyber-attack attribution components.
Furthermore, the proposed methods for the mentioned components will focus on the challenges of using machine learning techniques in ICS cybersecurity, such as imbalanced data and the data privacy of training models in the cloud. An ensemble of two unsupervised deep neural networks with a decision tree classifier will be proposed for the cyber-attack detection component. A federated learning-based technique will be proposed for the cyber-threat hunting component, to build a powerful hunting component from the data of several ICSs in a privacy-preserving manner, without sharing the data. Moreover, attack projection will be modeled using a combination of deep reinforcement learning and deep neural networks. Finally, an ensemble of several deep neural networks will be proposed for attack attribution. These components build a more secure infrastructure by detecting incoming attacks early, hunting the threats that evaded detection, determining the attack trajectory, and analyzing the impact of attacks.

eng

University of Calgary graduate students retain copyright ownership and moral rights for their thesis. You may use this material in any way that is permitted by the Copyright Act or through licensing that has been assigned to the document. For uses that are not allowable under copyright legislation or licensing, you are required to seek permission.

Industrial control systems (ICS); cybersecurity; machine learning; cyber-attack detection; deep learning; representation learning; reinforcement learning; federated learning; cyber-attack projection; cyber-threat hunting; cyber-attack attribution

Artificial Intelligence; Computer Science; Psychology--Industrial

AI-enabled Cybersecurity Framework for Industrial Control Systems

doctoral thesis