Data trustworthiness signatures for nuclear reactor dynamics simulation

Highlights

• Signature-based classifier is effective for the detection of stealthy FDI attacks.

• Use both of dominant degrees of freedom (DOFs) and less dominant DOFs to construct signatures.

• Randomized window placements on the temporal profile to identify the dominant degrees of freedom.

Abstract

With the increased reliance on digitization in industrial control systems, the need for effective monitoring techniques has risen dramatically. Specifically, there is now a growing concern about the so-called false data injection (FDI) attacks. These attacks aim to alter the raw sensors’ data to cause malicious outcomes. Any serious FDI algorithm is based on an intimate knowledge of the system and its associated physics models, which renders conventional outlier/anomaly detection techniques almost obsolete in the face of such attacks. Thus, a critical need has emerged to develop a new class of defense methods that are capable of detecting FDI attacks under the assumption that the attacker has a strong familiarity with the system and its physics modeling. This class of defense methods are denoted by model-based defenses which are premised on the assumption that the attacker, while having a good understanding of the system, does not have full privileged access to all proprietary data and historical records of operation. However, (s)he is assumed to be capable of learning system behavior using self-learning techniques during an initial lie-in-wait period. To defend against this scenario, we propose a new model-based randomized window algorithm that searches time-series data for signatures that can serve as classifiers between normal and FDI scenarios. The classifiers are based on the correlations between the dominant degrees of freedom (DOFs) and the less-dominant DOFs (expected to be very sensitive to the system details that are unknown to the attacker). For demonstration, RELAP5 models are employed to calculate representative nuclear reactor behavior during a number of transient scenarios. Falsified data are injected into the RELAP5-simulated behavior, and the proposed signature-identification algorithm is employed to detect the injected data.

Introduction

The adoption of digital technologies to support the operation and maintenance of industrial control systems, like nuclear reactors, is expected to have a wide range of benefits for optimum control, improved operational flexibility, predictive maintenance, and better inference of uncertainties, etc. Along with the benefits comes the risk of digital intrusion perpetrated by adversaries aiming to exploit any vulnerabilities to inflict damage on the system, ranging from temporary denial of service to irreparable system damage. To combat this threat, Information Technology (IT) defenses have been early adopted, e.g., perimeter defense like firewalls, passwords, routers, etc., and more modern methods like decoy network, network traffic analysis, etc. Given the frequency and sophistication of recent attacks, e.g., the 2010 Stuxnet against Iran, the 2015 Electric Grid attack against Ukraine, etc., a new type of defense, denoted by Operational Technology (OT) defense has been introduced as a new line of defense when IT defenses are bypassed (NIST, 2015).

OT defenses aim to protect the system at the physical process level by developing a level of awareness of the system's process variables' normal behavioral patterns. The idea is that if an attacker injects falsified data into the network, e.g., by falsifying the sensors' data or actuator commands, the OT defenses would detect the falsification and provide early alarms to the operators. The detection process requires a metric by which normal vs. falsified behavior could be distinguished. Many approaches have been proposed to design such metrics, often referred to as signatures. The signatures serve as fingerprints for the system, including its physics, and history of operation, where no two systems are identically the same, even if their initial design is the same. These signatures are designed to ensure consistency of the process variables used to describe/monitor the physical process.

A key challenge of signature-based methods is the ability to distinguish between normal and malicious behavior under various assumptions of the attacker's familiarity with the system. For example, when the attacker has little or no familiarity with the system, outlier/anomaly detection techniques present the most straightforward approach to detecting FDI attacks (Fawzy and Mokhtar, 2013) (Costa et al., 2015). In this scenario, each process variable has a prescribed range for variation, e.g., steam generator level, with deviations thereof -- as measured by one or two standard deviations -- signaling an abnormal behavior. This approach has the advantage of being simple to implement, however it does not provide enough information on the cause of the deviations.

Next, if the attacker has a basic understanding of the system behavior, outlier/anomaly techniques may not be effective because the attackers might know the preset values that trigger the outlier detection algorithm. In this scenario, another class of methods may be more effective, the so-called data-driven techniques, which rely on building predictive models for the system behavior (Smarra et al., 2018) (Li et al., 2020). Data-driven modeling implies that the physics models are not incorporated to guide the training of the models. Instead, auto-correlation-type regression techniques, and their more sophisticated neural-network implementations are employed to predict the present behavior as a function of past behavior (Pan and Duraisamy, 2018). When the predictions made by these models become inconsistent with observed behavior, an alarm is issued. Just like outlier/anomaly detection techniques, data-driven techniques are simple to implement.

Moreover, data-driven approaches need vast amounts of data, especially for complicated industrial systems, to ensure an accurate emulation of system behavior. Also, they can be customized with reasonable accuracy to recognize different equipment failure modes (Trunzeret al., 2018). This simplicity however also means that the learning process can be duplicated by an attacker during an initial lie-in-wait period. This follows because the mathematical machinery for data-driven techniques is well-understood and does not rely on any obscurity measures. Once learned, the attacker can proceed to making changes to the system state that respects the consistency between present and past behavior (Papernot et al. Goodfellow). One key disadvantage of pure data-driven learning is that it does not incorporate the physics in the learning process, which implies that if the raw sensors data are routinely falsified, one cannot rely on such methods to detect sophisticated FDI attacks.

The next logical OT defense is expected to rely on the formal physics description for the system in order to decide what normal behavior looks like. This OT defense is denoted as model-based, since it relies on a physics model to establish a basis for normal behavior. This type of defense is expected to be more resilient to an attacker who has a general understanding of system behavior but may not be able to exactly replicate it, because they do not have access to key proprietary data and historical operational details. This attack scenario is not farfetched, since almost all kinds of simulators for different types of nuclear reactors can be found via open access, such as Ph.D thesis, published reports and research papers, which provide the attacker with sufficient resources to obtain an approximate physics model. To address this type of attack scenario, the model-based approach derives its strength from the operational uniqueness and complex interactions between system components. Previous studies provide proof that pure data-driven learning is not generally capable of accurately learning system behavior, especially for complex systems like nuclear reactors (Li et al., 2018).

The next attack scenario, expected to be launched by state-sponsored organizations, the attacker will likely have access to high fidelity simulators for system behavior. For these attacks, the question becomes: will an OT model-based defense be able to detect signs of FDI attacks when the attackers can predict system behavior to a reasonable accuracy. This represents the focus of this manuscript which proposes the use of a model-based approach that analyzes system behavior for a wide range of conditions in search of signatures that are extremely difficult to be duplicated by an attacker. These signatures are based on the higher-order differences between the defender's model and that of the attacker, which can be gleaned via data mining techniques. These higher order effects are typically discarded by most data-driven techniques, and are attributed to sources of uncertainties that cannot be explained by the models. Coupling these higher order effects with the dominant behavior can be shown to establish signatures that are difficult to duplicate by the attacker. This is true whether basic or advanced learning methods are being employed such as generative adversarial networks (GANs) (Goodfellow et al., Warde-farley). This follows because GANs' generative model require a template of models that represent the basis for training their adversarial network. Without access to the definition of the higher order effects, expected to have extremely high dimensionality, it remains very difficult for the network to learn the higher order effects (Bau et al., 2020), and more critically, their relation to the lower order effects, as will be shown later in the discussion. Clearly, if the attacker has the same model employed by the OT defense, and knows the exact definition of the signatures, this defense can also be bypassed using simple as well as complex learning methods such as GAN. This extreme scenario is not considered here, and is discussed in another article (Sundaram et al. Ashy), under the context of active OT defense. The current manuscript focuses on a passive OT defense, where the passivity implies that the defense does not introduce any changes to the system. It only monitors the measured process variables and compares them to predicted values in search of signatures, as described earlier.

The rest of this paper is organized as follows. First, we provide a background on the current research on the OT defense and related data-driven techniques. Second, a mathematical development of the proposed randomized window decomposition (RWD) technique is elucidated. Third, the application of the RWD technique is exemplified using numerical simulations with the RELAP5 to demonstrate its ability to classify normal behavior from FDI attacks.