DATASETS GENERATION WITH VIRTUAL CYBER PHYSICAL SYSTEM DESIGN AND CYBER-ATTACK SIMULATION ON NUCLEAR FACILITIES

With the increasing adoption of digital instrument and control systems in nuclear facilities, cyber-attacks pose serious threats and bring a new issue to nuclear security. In response, authorities have published relevant criteria for preventing cyber-attacks in security culture and recommended to adopt Defense in Depth (DiD) strategy to cyber-security of nuclear facilities. To this end, we introduce deep learning-based time series analysis to detect cyber-attacks on nuclear facilities. Given the difficulty of deep learning models training due to the lack of cyberattacks data on nuclear facilities, we design a virtual cyber physical system (CPS) to simulate cyber-attacks and generate cyber-attack datasets. The virtual CPS deploys the human machine interface (HMI), programmable logic controller (PLC) and controlled devices connected via Modbus/TCP protocol to simulate the control processes in nuclear facilities. The simulation of cyber-attacks consists of two steps carried out separately on two independent Local Area Networks (LANs), i.e., site LAN #1, site LAN #2. In cyber-attacks, hackers obtain access to office computers in NPPs through site LAN #1 by buffer overflow attack and collect network traffic data on the attacked host. Then, we simulate hackers using the attacked host to attack the PLC through site LAN #2 to cause confusions collect network traffic data on the attacked PLC device to generate the first part of the dataset. This simulation imitates a real cyber-attack activity that could happen in nuclear facilities. And we also collect the data of the device status simultaneously to monitor the physical layer condition. To demonstrate the practicality of the generated datasets, verification experiments are performed on the proposed deep learning model. Moreover, the design of virtual CPS allows flexible generation of extensive cyberattacks datasets, which has significant benefits for further evaluation of the design of cyber security systems for nuclear facilities and the implementation of DiD.