Cyber Forensic Analysis for Operational Technology Using Graph-Based Deep Learning

Alfan Presekal, Alexandru Stefanov, Vetrivel Subramaniam Rajkumar, Peter Palensky

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

2 Citations (Scopus)

Abstract

The cyber attacks in Ukraine in 2015 and 2016 demonstrated the vulnerability of electrical power grids to cyber threats. They highlighted the significance of Operational Technology (OT) communication-based anomaly detection. Many anomaly detection methods are based on real-time traffic monitoring, i.e., Intrusion Detection Systems (IDS), which may produce false positives and degrade OT communication performance. A Security Operations Center (SOC) needs intelligent tools to conduct forensic analysis on the generated IDS alarms and identify the attack locations. Therefore, in this paper, we propose a novel, graph-based forensic analysis method for anomaly detection in power systems using OT communication network traffic throughput. It employs a hybrid deep learning model combining a Graph Convolutional Long Short-Term Memory network and a Convolutional Neural Network. The proposed method aids the SOC with continuous OT security monitoring and post-mortem investigations. Results indicate that the proposed method is able to pinpoint the locations of cyber attacks on power grid OT networks with an AUC score above 75%.

Original language: English
Title of host publication: 2023 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids, SmartGridComm 2023 - Proceedings
Publisher: Institute of Electrical and Electronics Engineers Inc.
ISBN (Electronic): 9781665455541
DOIs
Publication status: Published - 2023
Event: 14th IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids, SmartGridComm 2023 - Glasgow, United Kingdom
Duration: 31 Oct 2023 to 3 Nov 2023

Publication series

Name: 2023 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids, SmartGridComm 2023 - Proceedings

Conference

Conference: 14th IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids, SmartGridComm 2023
Country/Territory: United Kingdom
City: Glasgow
Period: 31/10/23 to 3/11/23

Keywords

  • Anomaly Detection
  • Attack Graph
  • CNN
  • Cyber Security
  • Digital Forensics
  • GNN
  • Graph
  • LSTM
  • Operational Technology
