Forecasting and Early Warning for Adversarial Targeting in Industrial Control Systems
A new feature-based forecasting framework of abnormalities is presented for early warning for cyber-physical control systems. The abnormalities may refer to intelligent cyber-attacks or naturally occurring faults and failures. Techniques presented here are aimed at protecting against unauthorized intrusions as well as fault prevention. Time series signals from system monitoring nodes are converted to features using feature discovery techniques. The feature behavior for each monitoring node is characterized in the form of decision boundaries, separating normal and abnormal space with operating data collected from the plant or by running virtual models of the plant. A set of ensemble state-space models are constructed for representing feature evolution in time-domain, where the ensembles are selected using Gaussian Mixture Model (GMM) clustering. The forecasted outputs are anticipated time-evolution of features, computed by applying an adaptive Kalman predictor to each ensemble model. The overall features forecast is then obtained through dynamic ensemble averaging. This is done by projecting evolution of feature vector to future times in a receding horizon fashion. The features forecast are compared to the decision boundary to estimate if/when the feature vectors will cross the boundary. Simulation results in a high fidelity GE gas turbine platform, show the effectiveness of our approach for forecasting abnormalities.
- Research Organization:
- GE Research
- Sponsoring Organization:
- USDOE Office of Cybersecurity, Energy Security, and Emergency Response (CESER)
- DOE Contract Number:
- OE0000833
- OSTI ID:
- 1905843
- Journal Information:
- 2018 IEEE Conference on Decision and Control (CDC), Conference: 2018 IEEE Conference on Decision and Control (CDC), Miami, FL, USA, 17-19 December 2018
- Country of Publication:
- United States
- Language:
- English
Similar Records
Anomaly forecasting and early warning generation
Scalable hierarchical abnormality localization in cyber-physical systems