Efficient Hybrid Attack Graph Generation for Cyber-Physical System Resilience Experimentation
Develop techniques and tools to discover interesting test cases to study resilient performance.
PI: Sumit Purohit, sumit.purohit@pnnl.gov
This project will research novel theory and algorithms to generate hybrid attack graphs (HAGs) to study cyber-physical system (CPS) resilience. The HAG generation capability will utilize physics-informed CPS hybrid dynamics characterization, graph-based deep generative models, and property-preserving, multi-layer graph sampling.
- Goal I: Compile composite attack dataset describing tactics, techniques, vulnerabilities, and CPS components for characterization and generative model training.
- Goal II: Define scalable algorithms to learn low-dimensional CPS dynamic representation and attack sequence generation.
- Goal III: Generate initial set of credible HAGs for the use case of interest (e.g., IEEE 123 nodes with communication overlay representing utility industrial control systems) and SME-assisted validation.
The planned approach is to leverage a configuration of a lower-fidelity simulator platform to enable generation of data from multiple varied scenarios. The planned platform will consist of GridLAB-D and NS3 co-simulated to model both the physical and cyber attributes of the test scenarios. Credible attack sequences, identified and synthesized from historical data, the MITRE ATT&CK framework, the industrial control system kill chain, and NIST NSCORE, will be used as inputs to guide the test scenario execution. Neural Hybrid Automata and graph-based deep generative models, such as the variational graph auto-encoder and generative adversarial networks, will be utilized for CPS characterization and HAG generation. Finally, dimension reduction will be accomplished via property-preserving multi-layer graph sampling algorithms in conjunction with multiplex community detection methods and distributed computing architectures.