March 7, 2023
Report

Model Driven Deception for Defense of Operational Technology Environments - CRADA 432 (Final Report)

Abstract

Because of their tight integration with real-world physics, OT deception platforms must operate differently from traditional IT deceptions. For instance, turning off a valve will be detected downstream by other sensors because the flow will reduce and stop. Additionally, controllers and applications use data from sensors to send control commands to each other. A believable deception must therefore be integrated with the system so that it projects the effects of events. An attack will likely attempt to control the physical process in a harmful way; to make the attacker believe they are achieving their objective, the deception must predict the effects of these actions to a reasonable degree. Our approach to simulating a model that generates realistic decoy behavior is explored, including a description of two approaches: a physics model-based approach and a data-driven approach. The performance of two machine learning techniques is investigated with respect to their ability to learn a good-enough model of the physics of the system.
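The valve example above, worked through as an added illustration of the physics model-based approach (constructed toy plant and code, not the report's own model): a pump feeds a tank through a control valve, and closing the valve must show up in the downstream flow and level sensors, which a model-driven decoy projects and a static decoy does not.

```python
import math
from dataclasses import dataclass

# Constructed toy plant (assumed constants, not from the report): a pump feeds a
# tank through a valve; the tank drains through an outlet with a flow sensor.
PUMP_MAX_M3S = 0.5     # inflow with the valve fully open (m^3/s)
TANK_AREA_M2 = 10.0    # tank cross-section: level changes by volume / area
OUTLET_K = 0.25        # orifice law: outflow = OUTLET_K * sqrt(level)
VALVE_RATE = 0.25      # actuator stroke per second (4 s from open to closed)

@dataclass
class PlantState:
    valve_open: float   # reported valve position, 0.0 closed .. 1.0 open
    level_m: float      # tank level sensor
    inflow_m3s: float   # inlet flow sensor
    outflow_m3s: float  # downstream flow sensor

def step(s: PlantState, valve_cmd: float, dt: float = 1.0) -> PlantState:
    """Advance the physics model by dt seconds under a valve command."""
    # The actuator slews toward the command at a limited rate; it does not jump.
    move = max(-VALVE_RATE * dt, min(VALVE_RATE * dt, valve_cmd - s.valve_open))
    valve = s.valve_open + move
    inflow = PUMP_MAX_M3S * valve
    level = max(0.0, s.level_m + (inflow - s.outflow_m3s) * dt / TANK_AREA_M2)
    outflow = OUTLET_K * math.sqrt(level)
    return PlantState(valve, level, inflow, outflow)

def model_decoy(s: PlantState, valve_cmd: float, seconds: int) -> list:
    """Readings a model-driven decoy reports: the command's effects propagate."""
    out = []
    for _ in range(seconds):
        s = step(s, valve_cmd)
        out.append(s)
    return out

def static_decoy(s: PlantState, valve_cmd: float, seconds: int) -> list:
    """Naive decoy: echoes the new valve position but freezes every other tag."""
    return [PlantState(valve_cmd, s.level_m, s.inflow_m3s, s.outflow_m3s)] * seconds

def physically_consistent(readings: list, tol: float = 1e-6) -> bool:
    """Fidelity check on decoy output: do the reported tags obey the plant physics?"""
    return all(abs(r.inflow_m3s - PUMP_MAX_M3S * r.valve_open) <= tol
               and abs(r.outflow_m3s - OUTLET_K * math.sqrt(r.level_m)) <= tol
               for r in readings)

# Steady state used as the starting point: valve open, inflow equals outflow.
STEADY = PlantState(1.0, 4.0, 0.5, 0.5)
```

Running `physically_consistent` over both decoys' output for a close-valve command shows why the static decoy is unconvincing: its inlet flow stays at the open-valve value while the valve reads closed.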

Published: March 7, 2023

Citation

Edgar, T.W., W.J. Hofer, and M. Feghali. 2020. Model Driven Deception for Defense of Operational Technology Environments - CRADA 432 (Final Report). Richland, WA: Pacific Northwest National Laboratory.
