IEM's Ramanan researching decentralized cyberattack detection methods
Monday, September 30, 2024
Media Contact: Tanner Holubar | Communications Specialist | 405-744-2065 | tanner.holubar@okstate.edu
There are arguably no assets more important than critical infrastructure networks, making the data they collect all the more valuable. From the energy and transportation sectors to emergency services and health care, data in critical infrastructure sectors is an ideal target of cybercriminals.
When critical infrastructure networks are hit by a cyberattack, it can lead to detrimental impacts across the entire network due to the physical and operational interdependence of stakeholders. Most of these networks require centralized data aggregation and computation, an area that researchers in the College of Engineering, Architecture and Technology at Oklahoma State University are trying to tackle.
Researchers in CEAT have recently been awarded more than $480,000 by the National Science Foundation to develop decentralized cyberattack detection mechanisms for large-scale critical infrastructure networks.
Dr. Paritosh Ramanan, assistant professor in the School of Industrial Engineering and Management, is leading the project and serves as the sole principal investigator for the study.
With critical infrastructure being of great commercial and economic importance, data is managed over large-scale networks commonly spread over a large geographic area. These infrastructure systems are typically owned and operated by multiple stakeholder entities using their own industrial control systems.
“In some cases, there might be like an overseeing authority, which might be coordinating with all the stakeholders,” Ramanan said. “But the key here is the fact that there is a control system that basically regulates what is happening and takes corrective and preventive action depending on stability, such as something that is going wrong in one part of your own network among the bigger global network.”
When a cyberattack occurs, a stakeholder, through their ICS, may see some data come across that they think is suspicious. They might think of it as equipment failure while being unable to pinpoint the exact cause of the disturbance as being the result of an actual attack.
In a decentralized network, the detection of a cyberattack would give stakeholders more real-time information. It is a challenging problem to solve because a stakeholder would need to be able to distinguish in real time if something is an equipment failure or a potential cyberattack.
“The problem we’re trying to tackle is to find out if we can use a decentralized network to give that type of situational awareness to all the stakeholders so they can try to be better prepared and more agile in their response to such attacks,” Ramanan said.
The project will use blockchains and decentralized file systems to provide a network framework to help ensure the validity of model parameters and proofs created through this research.
One primary goal of this project is to develop trustworthy models for detecting cyberattacks and identifying false alarms.
This would allow trustable, verifiable outcomes from data analytics algorithms without needing to directly access the data.
Having the ability to look at the network and have real-time information can save a lot of time, as data mining can be a time-consuming process when trying to detect the reason for a malfunction.
“If you are able to give them timely insights that the network is facing some threat, then they can take some measures to mitigate the threat,” Ramanan said.
The project will take place in three phases beginning in October. In the first phase, the algorithmic base will be developed. The second phase consists of developing decentralized, machine-learning algorithms that can quantify the interdependence that exists between all stakeholders.
In the third phase, the algorithms will be implemented using open-source software called Gustavo. This is a decentralized analytics and machine-learning engine Ramanan’s team built in the lab. It was previously used in a project with NASA to simulate self-aware, autonomous deep-space habitats.
“We are going to run all of our experiments and observe the scalability and the use cases in terms of how efficient our implementation is,” Ramanan said. “We will try to reduce the challenges from that perspective.”
These experiments are going to be implemented on the Cyber Physical Resiliency Simulation (CYPRESS) testbed that is part of the DISys Lab, led by Ramanan. Using CYPRESS and Gustavo, researchers will be able to analyze results through real-world simulations of different stakeholders involved.
“The set of computers is heterogeneous just like we would find in the real world,” Ramanan said. “And the idea is, using our algorithms, to study how they would perform in a near real-time environment.”
Two graduate students will be involved in the research, and Ramanan said he would like to recruit a student pursuing their master’s degree who would develop their thesis based on this research project.
Supporting a hackathon to inspire students
Part of the funding from NSF will be used to support an annual hackathon, designed to get students interested in cyber security.
The hackathon will take place in Spring 2025, and participants will be given a challenge related to decentralized cyber security that will help the research project. There is also an effort to involve students from underrepresented groups in the hackathon.
“The NSF award is prestigious and is something I am incredibly grateful for,” Ramanan said. “As an organization, to get that kind of support to build this research and to support these broader impact activities, it is great.”
Visit here to learn more about Dr. Ramanan’s research.