Mitigating Security Threats in Industrial Cyber-Physical Systems Using Autonomous Agents

The security and safety of cyber-physical systems (CPS) against cyber threats continue to be questioned. Malware has now evolved to the point where it can make autonomous decisions and adapt to surrounding conditions to avoid being detected. However, the manual analysis of intrusion detection alarms remains ineffective to respond to targeted and persistent threats in real time before the damage is done. Indeed, safety-critical CPS should be able to tolerate intrusions and continue to carry out their main operations in adversarial scenarios. To address these limitations, this project aims to safeguard industrial CPS against zero-day threats by adopting an active defense approach that leverages autonomous agents to attenuate the impact of attacks. Moving away from programmable and static security, we will design and build self-learning and stealthy agents that are able to dynamically hunt, detect, and respond to intelligent and sophisticated adversaries in real time without human intervention. By harnessing the power of multi-agent reinforcement learning, these agents will generate optimal and adaptive security policies without prior knowledge of potential threats, deploy complex cyber deception scenarios, and protect themselves against adversarial learning. Our solution will enable the system to autonomously suggest, plan, and execute complex defense decisions in response to active attacks to maximize protection and maintain system stability within acceptable ranges. The goal is to transform the Observe-Orient-Decide-Act loop in traditional cyber defense into an autonomous process by capturing the knowledge of human experts in an automated tool that can identify known and unknown threats and execute mitigation actions on the fly, especially when the response time and accuracy required is impractical at the full CPS scale for human-powered cyber defense.