pith. sign in

arxiv: 2508.08190 · v3 · pith:4Q2YF4GZnew · submitted 2025-08-11 · 💻 cs.CR

PRECISE: Private Regulatory Compliance for Cyberattack Detection on Critical Infrastructure Systems

classification 💻 cs.CR
keywords privacydetectioncompliancecriticalinfrastructurepreciseregulatorystakeholders
0
0 comments X
read the original abstract

Industrial control systems are a fundamental component of critical infrastructure networks (CIN) such as gas, water, and power. With the growing risk of cyberattacks, regulatory compliance requirements are also increasing for large scale critical infrastructure systems comprising multiple utility stakeholders. The primary goal of regulators is to ensure overall system stability with recourse to trustworthy stakeholder attack detection. However, adhering to compliance requirements requires stakeholders to also disclose sensor and control data to regulators, raising privacy concerns. In this paper, we present a cyberattack detection framework PRECISE, that utilizes differentially private (DP) hypothesis tests geared towards enhancing regulatory confidence while alleviating privacy concerns of CIN stakeholders. The hallmark of our approach is a two phase privacy scheme applying Laplacian DP to covariance matrix disclosures and Gaussian Differential Privacy (GDP) to state-space residuals derived from a Non-Linear Kalman Filter LSTM model. We formally characterize the GDP-induced test statistic via the non-central chi-squared distribution and derive tight bounds on misclassification rates and equivalent DP levels of significance. Theoretically, we show that our method induces a misclassification error rate comparable to the non-DP cases while delivering robust privacy guarantees. Using real-world HAI and ORNL-PS datasets, we demonstrate that under strong differential privacy guarantees on both covariance and residual disclosures, PRECISE matches non-DP detection outcomes in over 88% of cases within 600 seconds of attack onset for the HAI dataset and over 92% for the ORNL-PS dataset, while maintaining false alarm rates below 9% across all tested DP parameter configurations.

This paper has not been read by Pith yet.

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.