Autonomous Attack Mitigation for Industrial Control Systems

Cited by: 2
Authors
Mern, John [1]
Hatch, Kyle [2]
Silva, Ryan [3]
Hickert, Cameron [3]
Sookoor, Tamim [3]
Kochenderfer, Mykel J. [1]
Affiliations
[1] Stanford Univ, Aeronaut & Astronaut, Stanford, CA USA
[2] Stanford Univ, Comp Sci, Stanford, CA USA
[3] Johns Hopkins Univ, Appl Phys Lab, Baltimore, MD USA
Source
52ND ANNUAL IEEE/IFIP INTERNATIONAL CONFERENCE ON DEPENDABLE SYSTEMS AND NETWORKS WORKSHOP VOLUME (DSN-W 2022) | 2022
Keywords
reinforcement learning; artificial intelligence; machine learning; industrial control systems;
DOI
10.1109/DSN-W54100.2022.00015
Chinese Library Classification
TP3 [Computing technology, computer technology];
Discipline classification code
0812;
Abstract
Defending industrial control systems and other networks from cyber attack requires timely responses to alerts and threat intelligence. Decisions about how to respond involve coordinating actions across multiple nodes based on imperfect indicators of compromise while minimizing disruptions to network operations. Currently, playbooks are used to automate portions of a response process, but often leave complex decision-making to a human analyst. In this work, we present a deep reinforcement learning approach to autonomous response and recovery in large industrial control networks. We propose an attention-based neural architecture that is flexible to the size of the network under protection. To train and evaluate the autonomous defender agent, we present an industrial control network simulation environment suitable for reinforcement learning. Experiments show that the learned agent can effectively mitigate advanced attacks that progress with few observable signals over several months before execution. The proposed application of AI/ML techniques for security outperforms a fully automated playbook method in simulation, taking less disruptive actions while also defending more nodes on the network. The learned policy is also more robust to changes in attacker behavior than playbook approaches.
Pages: 28-36
Number of pages: 9
Related papers
50 in total
  • [21] Attacks on ML Systems: From Security Analysis to Attack Mitigation
    Zou, Qingtian
    Zhang, Lan
    Singhal, Anoop
    Sun, Xiaoyan
    Liu, Peng
    INFORMATION SYSTEMS SECURITY, ICISS 2022, 2022, 13784 : 119 - 138
  • [22] Cyber Attack Scenario Generation Method for Improving the Efficient of Security Measures in Industrial Control Systems
    Ogura T.
    Fujita J.
    Matsumoto N.
    IEEJ Transactions on Electronics, Information and Systems, 2024, 144 (01) : 35 - 42
  • [23] Efficient Cyber Attack Detection in Industrial Control Systems Using Lightweight Neural Networks and PCA
    Kravchik, Moshe
    Shabtai, Asaf
    IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, 2022, 19 (04) : 2179 - 2197
  • [24] Semi-supervised attack detection in industrial control systems with deviation networks and feature selection
    Liu, Yanhua
    Deng, Wentao
    Liu, Zhihuang
    Zeng, Fanhao
    JOURNAL OF SUPERCOMPUTING, 2024, 80 (10) : 14600 - 14621
  • [25] A Security Framework in Digital Twins for Cloud-based Industrial Control Systems: Intrusion Detection and Mitigation
    Akbarian, Fatemeh
    Tarneberg, William
    Fitzgerald, Emma
    Kihl, Maria
    2021 26TH IEEE INTERNATIONAL CONFERENCE ON EMERGING TECHNOLOGIES AND FACTORY AUTOMATION (ETFA), 2021,
  • [26] A Virtual Environment for Industrial Control Systems: A Nonlinear Use-Case in Attack Detection, Identification, and Response
    Felipe Murillo, Andres
    Francisco Combita, Luis
    Calderon Gonzalez, Andrea
    Rueda, Sandra
    Cardenas, Alvaro A.
    Quijano, Nicanor
    4TH ANNUAL INDUSTRIAL CONTROL SYSTEM SECURITY WORKSHOP (ICSS 2018), 2018, : 25 - 32
  • [27] Characteristic Canonical Analysis-Based Attack Detection of Industrial Control Systems in the Geological Drilling Process
    Xu, Mingdi
    Jin, Zhaoyang
    Ye, Shengjie
    Fan, Haipeng
    PROCESSES, 2024, 12 (09)
  • [28] Attack and Defense Strategies for Intrusion Detection in Autonomous Distributed IoT Systems
    Al-Hamadi, Hamid
    Chen, Ing-Ray
    Wang, Ding-Chau
    Almashan, Meshal
    IEEE ACCESS, 2020, 8 : 168994 - 169009
  • [29] On the Generation of Anomaly Detection Datasets in Industrial Control Systems
    Perales Gomez, Angel Luis
    Fernandez Maimo, Lorenzo
    Celdran, Alberto Huertas
    Garcia Clemente, Felix J.
    Cadenas Sarmiento, Cristian
    Del Canto Masa, Carlos Javier
    Mendez Nistal, Ruben
    IEEE ACCESS, 2019, 7 : 177460 - 177473
  • [30] Reusable industrial control systems
    Speck, A
    IEEE TRANSACTIONS ON INDUSTRIAL ELECTRONICS, 2003, 50 (03) : 412 - 418