Visible to the public Biblio

Found 158 results

Filters: Keyword is process control  [Clear All Filters]
2023-09-18
Herath, Jerome Dinal, Wakodikar, Priti Prabhakar, Yang, Ping, Yan, Guanhua.  2022.  CFGExplainer: Explaining Graph Neural Network-Based Malware Classification from Control Flow Graphs. 2022 52nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN). :172—184.
With the ever increasing threat of malware, extensive research effort has been put on applying Deep Learning for malware classification tasks. Graph Neural Networks (GNNs) that process malware as Control Flow Graphs (CFGs) have shown great promise for malware classification. However, these models are viewed as black-boxes, which makes it hard to validate and identify malicious patterns. To that end, we propose CFG-Explainer, a deep learning based model for interpreting GNN-oriented malware classification results. CFGExplainer identifies a subgraph of the malware CFG that contributes most towards classification and provides insight into importance of the nodes (i.e., basic blocks) within it. To the best of our knowledge, CFGExplainer is the first work that explains GNN-based mal-ware classification. We compared CFGExplainer against three explainers, namely GNNExplainer, SubgraphX and PGExplainer, and showed that CFGExplainer is able to identify top equisized subgraphs with higher classification accuracy than the other three models.
2023-09-07
Cheng, Cheng, Liu, Zixiang, Zhao, Feng, Wang, Xiang, Wu, Feng.  2022.  Security Protection of Research Sensitive Data Based on Blockchain. 2022 21st International Symposium on Distributed Computing and Applications for Business Engineering and Science (DCABES). :237–241.
In order to meet the needs of intellectual property protection and controlled sharing of scientific research sensitive data, a mechanism is proposed for security protection throughout “transfer, store and use” process of sensitive data which based on blockchain. This blockchain bottom layer security is reinforced. First, the encryption algorithm used is replaced by the national secret algorithm and the smart contract is encapsulated as API at the gateway level. Signature validation is performed when the API is used to prevent illegal access. Then the whole process of data up-chain, storage and down-chain is encrypted, and a mechanism of data structure query and data query condition construction based on blockchain smart is provided to ensure that the data is “usable and invisible”. Finally, data access control is ensured through role-based and hierarchical protection, and the blockchain base developed has good extensibility, which can meet the requirement of sensitive data security protection in scientific research filed and has broad application prospects.
ISSN: 2473-3636
2023-08-25
Chen, Qingqing, Zhou, Mi, Cai, Ziwen, Su, Sheng.  2022.  Compliance Checking Based Detection of Insider Threat in Industrial Control System of Power Utilities. 2022 7th Asia Conference on Power and Electrical Engineering (ACPEE). :1142—1147.
Compare to outside threats, insider threats that originate within targeted systems are more destructive and invisible. More importantly, it is more difficult to detect and mitigate these insider threats, which poses significant cyber security challenges to an industry control system (ICS) tightly coupled with today’s information technology infrastructure. Currently, power utilities rely mainly on the authentication mechanism to prevent insider threats. If an internal intruder breaks the protection barrier, it is hard to identify and intervene in time to prevent harmful damage. Based on the existing in-depth security defense system, this paper proposes an insider threat protection scheme for ICSs of power utilities. This protection scheme can conduct compliance check by taking advantage of the characteristics of its business process compliance and the nesting of upstream and downstream business processes. Taking the Advanced Metering Infrastructures (AMIs) in power utilities as an example, the potential insider threats of violation and misoperation under the current management mechanism are identified after the analysis of remote charge control operation. According to the business process, a scheme of compliance check for remote charge control command is presented. Finally, the analysis results of a specific example demonstrate that the proposed scheme can effectively prevent the consumers’ power outage due to insider threats.
2023-08-24
Sun, Jun, Li, Yang, Zhang, Ge, Dong, Liangyu, Yang, Zitao, Wang, Mufeng, Cai, Jiahe.  2022.  Data traceability scheme of industrial control system based on digital watermark. 2022 7th IEEE International Conference on Data Science in Cyberspace (DSC). :322–325.
The fourth industrial revolution has led to the rapid development of industrial control systems. While the large number of industrial system devices connected to the Internet provides convenience for production management, it also exposes industrial control systems to more attack surfaces. Under the influence of multiple attack surfaces, sensitive data leakage has a more serious and time-spanning negative impact on industrial production systems. How to quickly locate the source of information leakage plays a crucial role in reducing the loss from the attack, so there are new requirements for tracing sensitive data in industrial control information systems. In this paper, we propose a digital watermarking traceability scheme for sensitive data in industrial control systems to address the above problems. In this scheme, we enhance the granularity of traceability by classifying sensitive data types of industrial control systems into text, image and video data with differentiated processing, and achieve accurate positioning of data sources by combining technologies such as national secret asymmetric encryption and hash message authentication codes, and mitigate the impact of mainstream watermarking technologies such as obfuscation attacks and copy attacks on sensitive data. It also mitigates the attacks against the watermarking traceability such as obfuscation attacks and copy attacks. At the same time, this scheme designs a data flow watermark monitoring module on the post-node of the data source to monitor the unauthorized sensitive data access behavior caused by other attacks.
2023-08-18
Gawehn, Philip, Ergenc, Doganalp, Fischer, Mathias.  2022.  Deep Learning-based Multi-PLC Anomaly Detection in Industrial Control Systems. GLOBECOM 2022 - 2022 IEEE Global Communications Conference. :4878—4884.
Industrial control systems (ICSs) have become more complex due to their increasing connectivity, heterogeneity and, autonomy. As a result, cyber-threats against such systems have been significantly increased as well. Since a compromised industrial system can easily lead to hazardous safety and security consequences, it is crucial to develop security countermeasures to protect coexisting IT systems and industrial physical processes being involved in modern ICSs. Accordingly, in this study, we propose a deep learning-based semantic anomaly detection framework to model the complex behavior of ICSs. In contrast to the related work assuming only simpler security threats targeting individual controllers in an ICS, we address multi-PLC attacks that are harder to detect as requiring to observe the overall system state alongside single-PLC attacks. Using industrial simulation and emulation frameworks, we create a realistic setup representing both the production and networking aspects of industrial systems and conduct some potential attacks. Our experimental results indicate that our model can detect single-PLC attacks with 95% accuracy and multi-PLC attacks with 80% accuracy and nearly 1% false positive rate.
2023-07-19
Zhao, Hongwei, Qi, Yang, Li, Weilin.  2022.  Decentralized Power Management for Multi-active Bridge Converter. IECON 2022 – 48th Annual Conference of the IEEE Industrial Electronics Society. :1—6.
Multi-active bridge (MAB) converter has played an important role in the power conversion of renewable-based smart grids, electrical vehicles, and more/all electrical aircraft. However, the increase of MAB submodules greatly complicates the control architecture. In this regard, the conventional centralized control strategies, which rely on a single controller to process all the information, will be limited by the computation burden. To overcome this issue, this paper proposes a decentralized power management strategy for MAB converter. The switching frequencies of MAB submodules are adaptively regulated based on the submodule local information. Through this effort, flexible electrical power routing can be realized without communications among submodules. The proposed methodology not only relieves the computation burden of MAB control system, but also improves its modularity, flexibility, and expandability. Finally, the experiment results of a three-module MAB converter are presented for verification.
2023-06-09
Kumar, Vivek, Hote, Yogesh V..  2022.  Analyzing and Mitigating of Time Delay Attack (TDA) by using Fractional Filter based IMC-PID with Smith Predictor. 2022 IEEE 61st Conference on Decision and Control (CDC). :3194—3199.
In this era, with a great extent of automation and connection, modern production processes are highly prone to cyber-attacks. The sensor-controller chain becomes an obvious target for attacks because sensors are commonly used to regulate production facilities. In this research, we introduce a new control configuration for the system, which is sensitive to time delay attacks (TDA), in which data transfer from the sensor to the controller is intentionally delayed. The attackers want to disrupt and damage the system by forcing controllers to use obsolete data about the system status. In order to improve the accuracy of delay identification and prediction, as well as erroneous limit and estimation for control, a new control structure is developed by an Internal Model Control (IMC) based Proportional-Integral-Derivative (PID) scheme with a fractional filter. An additional concept is included to mitigate the effect of time delay attack, i.e., the smith predictor. Simulation studies of the established control framework have been implemented with two numerical examples. The performance assessment of the proposed method has been done based on integral square error (ISE), integral absolute error (IAE) and total variation (TV).
Lois, Robert S., Cole, Daniel G..  2022.  Designing Secure and Resilient Cyber-Physical Systems Using Formal Models. 2022 Resilience Week (RWS). :1—6.

This work-in-progress paper proposes a design methodology that addresses the complexity and heterogeneity of cyber-physical systems (CPS) while simultaneously proving resilient control logic and security properties. The design methodology involves a formal methods-based approach by translating the complex control logic and security properties of a water flow CPS into timed automata. Timed automata are a formal model that describes system behaviors and properties using mathematics-based logic languages with precision. Due to the semantics that are used in developing the formal models, verification techniques, such as theorem proving and model checking, are used to mathematically prove the specifications and security properties of the CPS. This work-in-progress paper aims to highlight the need for formalizing plant models by creating a timed automata of the physical portions of the water flow CPS. Extending the time automata with control logic, network security, and privacy control processes is investigated. The final model will be formally verified to prove the design specifications of the water flow CPS to ensure efficacy and security.

2023-05-12
Wang, Yushen, Yang, Guang, Sun, Tianwen, Yang, Kai, Zheng, Changling.  2022.  High-Performance, All-Scenario COVID-19 Pathogen Detection, Prevention, and Control System. 2022 International Conference on Computers, Information Processing and Advanced Education (CIPAE). :364–368.

Given the COVID-19 pandemic, this paper aims at providing a full-process information system to support the detection of pathogens for a large range of populations, satisfying the requirements of light weight, low cost, high concurrency, high reliability, quick response, and high security. The project includes functional modules such as sample collection, sample transfer, sample reception, laboratory testing, test result inquiry, pandemic analysis, and monitoring. The progress and efficiency of each collection point as well as the status of sample transfer, reception, and laboratory testing are all monitored in real time, in order to support the comprehensive surveillance of the pandemic situation and support the dynamic deployment of pandemic prevention resources in a timely and effective manner. Deployed on a cloud platform, this system can satisfy ultra-high concurrent data collection requirements with 20 million collections per day and a maximum of 5 million collections per hour, due to its advantages of high concurrency, elasticity, security, and manageability. This system has also been widely used in Jiangsu, Shaanxi provinces, for the prevention and control of COVID-19 pandemic. Over 100 million NAT data have been collected nationwide, providing strong informational support for scientific and reasonable formulation and execution of COVID-19 prevention plans.

Wang, Ning.  2022.  Resilience Analysis of Urban Rail Transit Network Under Large Passenger Flow. 2022 IEEE 22nd International Conference on Software Quality, Reliability, and Security Companion (QRS-C). :444–446.
Public transportation is an important system of urban passenger transport. The purpose of this article is to explore the impact of network resilience when each station of urban rail transit network was attacked by large passenger flow. Based on the capacity load model, we propose a load redistribution mechanism to simulate the passenger flow propagation after being attacked by large passenger flow. Then, taking Xi'an's rail network as an example, we study the resilience variety of the network after a node is attacked by large passenger flow. Through some attack experiments, the feasibility of the model for studying the resilience of the rail transit system is finally verified.
ISSN: 2693-9371
2023-04-14
Paul, Shuva, Chen, Yu-Cheng, Grijalva, Santiago, Mooney, Vincent John.  2022.  A Cryptographic Method for Defense Against MiTM Cyber Attack in the Electricity Grid Supply Chain. 2022 IEEE Power & Energy Society Innovative Smart Grid Technologies Conference (ISGT). :1–5.
Critical infrastructures such as the electricity grid can be severely impacted by cyber-attacks on its supply chain. Hence, having a robust cybersecurity infrastructure and management system for the electricity grid is a high priority. This paper proposes a cyber-security protocol for defense against man-in-the-middle (MiTM) attacks to the supply chain, which uses encryption and cryptographic multi-party authentication. A cyber-physical simulator is utilized to simulate the power system, control system, and security layers. The correctness of the attack modeling and the cryptographic security protocol against this MiTM attack is demonstrated in four different attack scenarios.
ISSN: 2472-8152
2023-03-17
Al-Zahrani, Basmah, Alshehri, Suhair, Cherif, Asma, Imine, Abdessamad.  2022.  Property Graph Access Control Using View-Based and Query-Rewriting Approaches. 2022 IEEE/ACS 19th International Conference on Computer Systems and Applications (AICCSA). :1–2.
Managing and storing big data is non-trivial for traditional relational databases (RDBMS). Therefore, the NoSQL (Not Only SQL) database management system emerged. It is ca-pable of handling the vast amount and the heterogeneity of data. In this research, we are interested in one of its trending types, the graph database, namely, the Directed Property Graph (DPG). This type of database is powerful in dealing with complex relationships (\$\textbackslashmathrme.\textbackslashmathrmg\$., social networks). However, its sen-sitive and private data must be protected against unauthorized access. This research proposes a security model that aims at exploiting and combining the benefits of Access Control, View-Based, and Query-Rewriting approaches. This is a novel combination for securing DPG.
ISSN: 2161-5330
2023-03-06
Deng, Weiyang, Sargent, Barbara, Bradley, Nina S., Klein, Lauren, Rosales, Marcelo, Pulido, José Carlos, Matarić, Maja J, Smith, Beth A..  2021.  Using Socially Assistive Robot Feedback to Reinforce Infant Leg Movement Acceleration. 2021 30th IEEE International Conference on Robot & Human Interactive Communication (RO-MAN). :749–756.
Learning movement control is a fundamental process integral to infant development. However, it is still unclear how infants learn to control leg movement. This work explores the potential of using socially assistive robots to provide real-time adaptive reinforcement learning for infants. Ten 6 to 8-month old typically-developing infants participated in a study where a robot provided reinforcement when the infant’s right leg acceleration fell within the range of 9 to 20 m/s2. If infants increased the proportion of leg accelerations in this band, they were categorized as "performers". Six of the ten participating infants were categorized as performers; the performer subgroup increased the magnitude of acceleration, proportion of target acceleration for right leg, and ratio of right/left leg acceleration peaks within the target acceleration band and their right legs increased movement intensity from the baseline to the contingency session. The results showed infants specifically adjusted their right leg acceleration in response to a robot- provided reward. Further study is needed to understand how to improve human-robot interaction policies for personalized interventions for young infants.
ISSN: 1944-9437
2023-02-17
Urooj, Beenish, Ullah, Ubaid, Shah, Munam Ali, Sikandar, Hira Shahzadi, Stanikzai, Abdul Qarib.  2022.  Risk Assessment of SCADA Cyber Attack Methods: A Technical Review on Securing Automated Real-time SCADA Systems. 2022 27th International Conference on Automation and Computing (ICAC). :1–6.
The world’s most important industrial economy is particularly vulnerable to both external and internal threats, such as the one uncovered in Supervisory Control and Data Acquisition (SCADA) and Industrial Control Systems (ICS). Upon those systems, the success criteria for security are quite dynamic. Security flaws in these automated SCADA systems have already been discovered by infiltrating the entire network in addition to reducing production line hazards. The objective of our review article is to show various potential future research voids that recent studies have, as well as how many methods are available to concentrate on specific aspects of risk assessment of manufactured systems. The state-of-the-art methods in cyber security risk assessment of SCADA systems are reviewed and compared in this research. Multiple contemporary risk assessment approaches developed for or deployed in the settings of a SCADA system are considered and examined in detail. We outline the approaches’ main points before analyzing them in terms of risk assessment, conventional analytical procedures, and research challenges. The paper also examines possible risk regions or locations where breaches in such automated SCADA systems can emerge, as well as solutions as to how to safeguard and eliminate the hazards when they arise during production manufacturing.
Wei, Lizhuo, Xu, Fengkai, Zhang, Ni, Yan, Wei, Chai, Chuchu.  2022.  Dynamic malicious code detection technology based on deep learning. 2022 20th International Conference on Optical Communications and Networks (ICOCN). :1–3.
In this paper, the malicious code is run in the sandbox in a safe and controllable environment, the API sequence is deduplicated by the idea of the longest common subsequence, and the CNN and Bi-LSTM are integrated to process and analyze the API sequence. Compared with the method, the method using deep learning can have higher accuracy and work efficiency.
Li, Nige, Zhou, Peng, Wang, Tengyan, Chen, Jingnan.  2022.  Control flow integrity check based on LBR register in power 5G environment. 2022 China International Conference on Electricity Distribution (CICED). :1211–1216.
This paper proposes a control flow integrity checking method based on the LBR register: through an analysis of the static target program loaded binary modules, gain function attributes such as borders and build the initial transfer of legal control flow boundary, real-time maintenance when combined with the dynamic execution of the program flow of control transfer record, build a complete profile control flow transfer security; Get the call location of /bin/sh or system() in the program to build an internal monitor for control-flow integrity checks. In the process of program execution, on the one hand, the control flow transfer outside the outline is judged as the abnormal control flow transfer with attack threat; On the other hand, abnormal transitions across the contour are picked up by an internal detector. In this method, by identifying abnormal control flow transitions, attacks are initially detected before the attack code is executed, while some attacks that bypass the coarse-grained verification of security profile are captured by the refined internal detector of control flow integrity. This method reduces the cost of control flow integrity check by using the safety profile analysis of coarse-grained check. In addition, a fine-grained shell internal detector is inserted into the contour to improve the safety performance of the system and achieve a good balance between performance and efficiency.
2023-02-03
Liu, Weidong, Li, Lei, Li, Xiaohui.  2022.  Power System Forced Oscillation Caused by Malicious Mode Attack via Coordinated Charging. 2022 IEEE/IAS Industrial and Commercial Power System Asia (I&CPS Asia). :1838–1844.
For the huge charging demands of numerous electric vehicles (EVs), coordinated charging is increasing in power grid. However, since connected with public networks, the coordinated charging control system is in a low-level cyber security and greatly vulnerable to malicious attacks. This paper investigates the malicious mode attack (MMA), which is a new cyber-attack pattern that simultaneously attacks massive EV charging piles to generate continuous sinusoidal power disturbance with the same frequency as the poorly-damped wide-area electromechanical mode. Thereby, high amplitude forced oscillations are stimulated by MMA, which seriously threats the stability of power systems and the power supply of charging stations. The potential threat of MMA is clarified by investigating the vulnerability of the IoT-based coordinated charging load control system, and an MMA process like Mirai is pointed out as an example. An MMA model is established for impact analysis. A hardware test platform is built for the verification of the MMA model. Test result verified the existence of MMA and the accuracy of the MMA model.
Li, Mingxuan, Li, Feng, Yin, Jun, Fei, Jiaxuan, Chen, Jia.  2022.  Research on Security Vulnerability Mining Technology for Terminals of Electric Power Internet of Things. 2022 IEEE 6th Information Technology and Mechatronics Engineering Conference (ITOEC). 6:1638–1642.
Aiming at the specificity and complexity of the power IoT terminal, a method of power IoT terminal firmware vulnerability detection based on memory fuzzing is proposed. Use the method of bypassing the execution to simulate and run the firmware program, dynamically monitor and control the execution of the firmware program, realize the memory fuzzing test of the firmware program, design an automatic vulnerability exploitability judgment plug-in for rules and procedures, and provide power on this basis The method and specific process of the firmware vulnerability detection of the IoT terminal. The effectiveness of the method is verified by an example.
ISSN: 2693-289X
2023-01-20
Liang, Xiao, An, Ningyu, Li, Da, Zhang, Qiang, Wang, Ruimiao.  2022.  A Blockchain and ABAC Based Data Access Control Scheme in Smart Grid. 2022 International Conference on Blockchain Technology and Information Security (ICBCTIS). :52—55.
In the smart grid, the sharing of power data among various energy entities can make the data play a higher value. However, there may be unauthorized access while sharing data, which makes many entities unwilling to share their data to prevent data leakage. Based on blockchain and ABAC (Attribute-based Access Control) technology, this paper proposes an access control scheme, so that users can achieve fine-grained access control of their data when sharing them. The solution uses smart contract to achieve automated and reliable policy evaluation. IPFS (Interplanetary File System) is used for off-chain distributed storage to share the storage pressure of blockchain and guarantee the reliable storage of data. At the same time, all processes in the system are stored in the blockchain, ensuring the accountability of the system. Finally, the experiment proves the feasibility of the proposed scheme.
Ma, Youjie, Su, Hua, Zhou, Xuesong, Tu, Fuhou.  2022.  Research on Data Security and Privacy Protection of Smart Grid Based on Alliance Chain. 2022 IEEE International Conference on Mechatronics and Automation (ICMA). :157—162.
As a new generation of power grid system, smart grid and smart meter conduct two-way communication to realize the intelligent collection, monitoring and dispatching of user power data, so as to achieve a safer, stable, reliable and efficient power grid environment. With the vigorous development of power grid, there are also some security and privacy problems. This paper uses Paillier homomorphic encryption algorithm and role-based access control strategy to ensure the privacy security in the process of multi-dimensional aggregation, data transmission and sharing of power data. Applying the characteristics of blockchain technology such as decentralization, non tampering and traceability to the smart grid can effectively solve the privacy and security problems of power data transmission and sharing in the smart grid. This paper compares Paillier encryption algorithm with PPAR algorithm and SIAHE algorithm in terms of encryption mechanism, number of aggregators and computational complexity respectively. The results show that Paillier homomorphic encryption algorithm has higher data privacy and security.
Jiang, Baoxiang, Liu, Yang, Liu, Huixiang, Ren, Zehua, Wang, Yun, Bao, Yuanyi, Wang, Wenqing.  2022.  An Enhanced EWMA for Alert Reduction and Situation Awareness in Industrial Control Networks. 2022 IEEE 18th International Conference on Automation Science and Engineering (CASE). :888–894.

Intrusion detection systems (IDSs) are widely deployed in the industrial control systems to protect network security. IDSs typically generate a huge number of alerts, which are time-consuming for system operators to process. Most of the alerts are individually insignificant false alarms. However, it is not the best solution to discard these alerts, as they can still provide useful information about network situation. Based on the study of characteristics of alerts in the industrial control systems, we adopt an enhanced method of exponentially weighted moving average (EWMA) control charts to help operators in processing alerts. We classify all detection signatures as regular and irregular according to their frequencies, set multiple control limits to detect anomalies, and monitor regular signatures for network security situational awareness. Extensive experiments have been performed using real-world alert data. Simulation results demonstrate that the proposed enhanced EWMA method can greatly reduce the volume of alerts to be processed while reserving significant abnormal information.

Milov, Oleksandr, Khvostenko, Vladyslav, Natalia, Voropay, Korol, Olha, Zviertseva, Nataliia.  2022.  Situational Control of Cyber Security in Socio-Cyber-Physical Systems. 2022 International Congress on Human-Computer Interaction, Optimization and Robotic Applications (HORA). :1–6.

The features of socio-cyber-physical systems are presented, which dictate the need to revise traditional management methods and transform the management system in such a way that it takes into account the presence of a person both in the control object and in the control loop. The use of situational control mechanisms is proposed. The features of this approach and its comparison with existing methods of situational awareness are presented. The comparison has demonstrated wider possibilities and scope for managing socio-cyber-physical systems. It is recommended to consider a wider class of types of relations that exist in socio-cyber-physical systems. It is indicated that such consideration can be based on the use of pseudo-physical logics considered in situational control. It is pointed out that it is necessary to design a classifier of situations (primarily in cyberspace), instead of traditional classifiers of threats and intruders.

2023-01-13
Tokareva, Marina V., Kublitskii, Anton O., Telyatnikova, Natalia A., Rogov, Anatoly A., Shkolnik, Ilya S..  2022.  Ensuring Comprehensive Security of Information Systems of Large Financial Organizations. 2022 Conference of Russian Young Researchers in Electrical and Electronic Engineering (ElConRus). :1756–1760.
The article deals with the issues of improving the quality of corporate information systems functioning and ensuring the information security of financial organizations that have a complex structure and serve a significant number of customers. The formation of the company's informational system and its integrated information security system is studied based on the process approach, methods of risk management and quality management. The risks and threats to the security of the informational system functioning and the quality of information support for customer service of a financial organization are analyzed. The methods and tools for improving the quality of information services and ensuring information security are considered on the example of an organization for social insurance. Recommendations are being developed to improve the quality of the informational system functioning in a large financial company.
Hammar, Kim, Stadler, Rolf.  2022.  A System for Interactive Examination of Learned Security Policies. NOMS 2022-2022 IEEE/IFIP Network Operations and Management Symposium. :1–3.
We present a system for interactive examination of learned security policies. It allows a user to traverse episodes of Markov decision processes in a controlled manner and to track the actions triggered by security policies. Similar to a software debugger, a user can continue or or halt an episode at any time step and inspect parameters and probability distributions of interest. The system enables insight into the structure of a given policy and in the behavior of a policy in edge cases. We demonstrate the system with a network intrusion use case. We examine the evolution of an IT infrastructure’s state and the actions prescribed by security policies while an attack occurs. The policies for the demonstration have been obtained through a reinforcement learning approach that includes a simulation system where policies are incrementally learned and an emulation system that produces statistics that drive the simulation runs.
Lobanok, Oleg, Promyslov, Vitaly, Semenkov, Kirill.  2022.  Safety-Driven Approach for Security Audit of I&C Systems of Nuclear Power Plants. 2022 International Conference on Industrial Engineering, Applications and Manufacturing (ICIEAM). :545—550.
In this paper, we tried to summarize the practical experience of information security audits of nuclear power plants' automated process control system (I&C). The article presents a methodology for auditing the information security of instrumentation and control systems for nuclear power plants. The methodology was developed taking into account international and national Russian norms and rules and standards. The audit taxonomy, classification lifecycle are described. The taxonomy of information security audits shows that form, objectives of the I&C information security audit, and procedures can vary widely. A conceptual program is considered and discussed in details. The distinctive feature of the methodology is the mandatory consideration of the impact of information security on nuclear safety.