American Nuclear Society

Real-Time Monitoring for Detection of Adversarial Subtle Process Variations

Yeni Li, Arvind Sundaram, Hany S. Abdel-Khalik, Paul W. Talbot

Nuclear Science and Engineering / Volume 196 / Number 5 / May 2022 / Pages 544-567

Technical Paper / dx.doi.org/10.1080/00295639.2021.1997041

Received: April 19, 2021
Accepted: October 19, 2021
Published: March 28, 2022

As industries take advantage of the widely adopted digitalization of industrial control systems, concerns are heightened about their potential vulnerabilities to adversarial attacks. A false data injection attack is one of the most realistic threats because the attack could be as simple as performing a replay attack, allowing attackers to circumvent conventional anomaly detection methods. This attack scenario is real for critical systems, e.g., nuclear reactors and chemical plants, because physics-based simulators for a wide range of critical systems can be found in the open market, providing the means to generate physics-conforming attacks. State-of-the-art monitoring techniques have proven effective in detecting sudden variations from established recurring patterns, derived by model-based or data-driven techniques, that are considered to represent normal behavior. This paper further develops a new method designed to detect the subtle variations expected with stealthy attacks that rely on intimate knowledge of the system. The method employs physics modeling and feature engineering to design mathematical features that can detect subtle deviations from normal process variation. This work extends the method to real-time analysis and employs a new denoising filter to ensure resiliency to noise, i.e., the ability to distinguish subtle variations from normal process noise. The method's applicability is exemplified using a hypothesized triangle attack, recently demonstrated to be extremely effective in bypassing detection by conventional monitoring techniques, applied to a representative nuclear reactor system model using the RELAP5 computer code.