Deep Learning based Covert Attack Identification for Industrial Control Systems
Dan Li, Paritosh Ramanan, Nagi Gebraeel, and Kamran Paynabar

TL;DR
This paper presents a deep learning framework that detects, diagnoses, and localizes covert cyberattacks in industrial control systems, effectively distinguishing them from equipment faults using sensor time series data.
Contribution
It introduces a hybrid deep learning model combining autoencoders, RNNs with LSTM, and DNNs for improved detection and localization of covert attacks in ICS.
Findings
The proposed method outperforms traditional model-based approaches.
It effectively distinguishes cyberattacks from equipment faults.
The framework demonstrates high accuracy in a realistic simulation of the IEEE 14-bus system.
Abstract
Cybersecurity of Industrial Control Systems (ICS) is drawing significant concerns as data communication increasingly leverages wireless networks. A lot of data-driven methods were developed for detecting cyberattacks, but few are focused on distinguishing them from equipment faults. In this paper, we develop a data-driven framework that can be used to detect, diagnose, and localize a type of cyberattack called covert attacks on smart grids. The framework has a hybrid design that combines an autoencoder, a recurrent neural network (RNN) with a Long-Short-Term-Memory (LSTM) layer, and a Deep Neural Network (DNN). This data-driven framework considers the temporal behavior of a generic physical system that extracts features from the time series of the sensor measurements that can be used for detecting covert attacks, distinguishing them from equipment faults, as well as localize the…
Taxonomy
Topics: Smart Grid Security and Resilience · Network Security and Intrusion Detection · Anomaly Detection Techniques and Applications
