Signal Decomposition for Intrusion Detection in Reliability Assessment in Cyber Resilience (Summary Report)

The complexity of assuring cyber resilience for physical process interactions in connected systems such as energy grids increases dramatically as the coupling between processes becomes more direct and responsive. An example of this growing complexity is provided by Integrated Energy Systems (IES), in which various processes such as nuclear heat generation and commodity production are being directly coupled for increased responsiveness to highly variable signals such as market pricing or electricity demand. As such, the potential attack surface of the coupled processes is larger than the two processes independently. Securing these complex systems requires two-fold monitoring: cybersecure monitoring for potential malicious incursion, and physics monitoring for system tampering. Physics monitoring includes analyzing the behavior of the signals within the system for anomalous behavior. This analysis has been shown to be insufficient if approached by only data-driven machine learning and artificial intelligence (MLAI) techniques or only low-level model comparison. Previous efforts at Purdue University suggested combining high-fidelity models with MLAI algorithms as a basis for a software tool for detecting anomalies in physical processes. This work built on that suggestion, developing an advanced library for signal decomposition and analysis using both MLAI and high-fidelity physics algorithms for greatly improved anomaly detection, especially false data injection. This software can be used as part of a secure imbedded intelligence (SEI) system designed under Consequence-driven Cyber-informed Engineering (CCE) for complex coupled systems. This library established a foundation for online and posteriori analysis of digital signals for the purpose of detecting potential malicious tampering in digital signals representing physical processes. Demonstrations carried out throughout the development highlight the effective use of characterization algorithms to detect signal perturbations, particularly triangle attack-style perturbations, in three wide-ranging applications: seismic monitoring, nuclear thermal hydraulics system simulation, and custom manufacturing.