Abstract: Security-critical infrastructures like the power grid have substations whose controllers are vulnerable to attacks, including zero-day attacks. Attacks against the control code of a power grid station can be catastrophic. Earlier detection of the attacks can prevent further damage. We propose a data-driven, deep learning architecture to detect anomalous behavior in a power-grid controller. The deep learning training is done on only normal behavior derived from the controller processor’s low-level behavior. We then detect on-line anomalous behavior from deviations from predicted normal behavior. This enabled us to detect six types of attacks with extremely high accuracy. Our goal is to collect more normal behavior of realistic power-grid systems running real control code, and test and improve our solution with more benign and malicious (attack) anomalous behavior.
Bio: Ruby B. Lee is the Forest G. Hamrick Professor in Engineering and Professor of Electrical Engineering at Princeton University. At her Princeton Architecture Lab for Multimedia and Security (PALMS), Prof. Lee’s research includes designing security-aware architectures for processors, smartphones and cloud computing. She also designs intrinsically secure hardware, such as secure cache architectures that use novel strategies for defeating cache side-channel attacks. Her research also includes machine learning and deep learning techniques for implicit user authentication using smartphone sensors and for detecting attacks and other anomalies in computer and cyber-physical systems. Prof. Lee is a Fellow of ACM and IEEE, has over 130 U.S. and international patents, and many publications in both computer architecture and computer security conferences. Prior to Princeton, Lee was chief architect at Hewlett Packard computer systems, responsible at different times for processor architecture, multimedia architecture and security architecture. She was an original architect of the PA-RISC processor architecture used in HP’s business, technical and industrial control computer families, and architect of the first multimedia subword-parallel instructions in commercial microprocessors.