eprintid: 10183247
rev_number: 7
eprint_status: archive
userid: 699
dir: disk0/10/18/32/47
datestamp: 2023-12-07 13:20:59
lastmod: 2023-12-07 13:20:59
status_changed: 2023-12-07 13:20:59
type: article
metadata_visibility: show
sword_depositor: 699
creators_name: Tuptuk, Nilufer
creators_name: Hailes, Stephen
title: Identifying vulnerabilities of industrial control systems using evolutionary multiobjective optimisation
ispublished: pub
divisions: UCL
divisions: B04
divisions: C05
divisions: F52
keywords: Cybersecurity; Vulnerabilities; Adversarial attacks; 
Evolutionary multiobjective optimisation; 
Industrial control systems
note: Copyright © 2023 The Author(s). Published by Elsevier Ltd. This is an open access article under the CC BY license (http://creativecommons.org/licenses/by/4.0/).
abstract: In this paper, we propose a novel methodology to assist in identifying vulnerabilities in real-world complex heterogeneous industrial control systems (ICS) using two Evolutionary Multiobjective Optimisation (EMO) algorithms, NSGA-II and SPEA2. Our approach is evaluated on a well-known benchmark chemical plant simulator, the Tennessee Eastman (TE) process model. We identified vulnerabilities in individual components of the TE model and then made use of these vulnerabilities to generate combinatorial attacks. The generated attacks were aimed at compromising the safety of the system and inflicting economic loss. Results were compared against random attacks, and the performance of the EMO algorithms was evaluated using hypervolume, spread, and inverted generational distance (IGD) metrics. A defence against these attacks in the form of a novel intrusion detection system was developed, using machine learning algorithms. The designed approach was further tested against the developed detection methods. The obtained results demonstrate that the developed EMO approach is a promising tool in the identification of the vulnerable components of ICS, and weaknesses of any existing detection systems in place to protect the system. The proposed approach can serve as a proactive defense tool for control and security engineers to identify and prioritise vulnerabilities in the system. The approach can be employed to design resilient control strategies and test the effectiveness of security mechanisms, both in the design stage and during the operational phase of the system.
date: 2024-02
date_type: published
publisher: Elsevier BV
official_url: https://doi.org/10.1016/j.cose.2023.103593
oa_status: green
full_text_type: pub
language: eng
primo: open
primo_central: open_green
verified: verified_manual
elements_id: 2115428
doi: 10.1016/j.cose.2023.103593
lyricists_name: Tuptuk, Nilufer
lyricists_id: NTUPT87
actors_name: Flynn, Bernadette
actors_id: BFFLY94
actors_role: owner
full_text_status: public
publication: Computers & Security
volume: 137
article_number: 103593
issn: 0167-4048
citation:        Tuptuk, Nilufer;    Hailes, Stephen;      (2024)    Identifying vulnerabilities of industrial control systems using evolutionary multiobjective optimisation.                   Computers & Security , 137     , Article 103593.  10.1016/j.cose.2023.103593 <https://doi.org/10.1016/j.cose.2023.103593>.       Green open access   
 
document_url: https://discovery.ucl.ac.uk/id/eprint/10183247/1/1-s2.0-S0167404823005035-main.pdf