Shadow Figment: Model-Driven Cyber Defense for Control Systems

Battelle Number: 31305 | N/A

Technology Overview

Today’s critical infrastructure and control systems are rooted in the physical world where sensors and controllers constantly interact to manage physical processes. Unfortunately, traditional cyber deception uses façades that are easily seen through by intelligent attackers and cannot effectively prevent them from causing chaos. This is where Shadow Figment enters the scene: The solution sidetracks hackers with realistic responses representative of the physical process being defended, thereby buying time for the good guys.

How It Works

Shadow Figment defends critical infrastructure and operational systems against devastating cyberattacks using interactive decoys mapped to simulations of real systems. With the attacker safely preoccupied, Shadow Figment alerts defenders and gathers information to respond appropriately—without affecting system performance.

Shadow Figment’s deception approaches are specifically designed for control systems and critical infrastructure. These model-driven decoys are generated by machine learning and appear to operate in coordination with a physical system. Specialized algorithms allow the decoys to interact with an intelligent attacker as if an attack is affecting real-world hardware with associated impacts on physical processes. As attackers interact with decoys, Shadow Figment’s models of the physical process calculate the system effects of those changes and further confounds the attacker with more realistic-looking responses.

Ultimately, decoys draw the attacker toward what appears to be easier and higher value targets. Licensees can use Shadow Figment deception to lure intelligent attackers inside a system with realistic decoys, thereby diverting their attention long enough to limit the potential damage. Compared to traditional cybersecurity sensors, decoys provide low false-positive detection to give defenders valuable time to respond to threats actively attempting to breach their most critical systems—all while maintaining normal, uninterrupted system operations.


  • Shadow Figment deploys and manages deceptive, cyber-enabled control sensors specifically designed for control systems and critical infrastructure.
  • Decoys provide an early warning system for operators and preoccupy the adversary, slowing down the attack and allowing countermeasures to be employed.
  • Shadow Figment generates high-fidelity deceptions that divert attackers’ attention away from real targets while giving defenders valuable time to mitigate and respond to threats.

State of Development

ShadowFigment operations

Shadow Figments is aimed at protecting physical targets—infrastructure such as buildings, the electric grid, water and sewage systems, and even pipelines. Shadow Figment meets the cybersecurity needs of control systems and critical infrastructure and has proven highly effective in safeguarding critical infrastructure systems against many of the persistent and potentially catastrophic attacks they now face.

While Shadow Figment is currently configured for building control systems and electric grid infrastructure, auto-learn functions are in development to create and modify the decoys without continual, active engagement from cyber experts. Researchers are also pursuing ways to tie the platform to threat intelligence sources as an efficient, impactful approach to generating timely, highly targeted decoys.



Available for licensing in all fields


cybersecurity, control systems, critical infrastructure, machine learning, data analytics


Data Sciences
DS-Machine Learning/AI

Market Sectors

Data Sciences