WEBVTT 1 00:00:13.316 --> 00:00:14.776 My name is Erik Ferragut. 2 00:00:14.836 --> 00:00:16.766 I'm an applied research mathematician 3 00:00:16.766 --> 00:00:18.326 at Oak Ridge National Laboratory. 4 00:00:18.816 --> 00:00:20.896 CPAD is a technology 5 00:00:20.896 --> 00:00:23.636 for detecting real-time cyber-physical 6 00:00:23.636 --> 00:00:24.526 integrity attacks 7 00:00:24.606 --> 00:00:26.396 in your system using data 8 00:00:26.396 --> 00:00:27.646 that you are already collecting. 9 00:00:27.846 --> 00:00:29.326 The problem of data integrity is 10 00:00:29.326 --> 00:00:31.236 something that you see across lots 11 00:00:31.236 --> 00:00:33.276 of cyber-physical systems. 12 00:00:33.276 --> 00:00:34.956 Our technology uses machine learning 13 00:00:35.256 --> 00:00:37.416 to look across the variety of sensors 14 00:00:37.416 --> 00:00:38.846 in a cyber-physical system. 15 00:00:39.016 --> 00:00:41.166 We then learn the relationships among 16 00:00:41.166 --> 00:00:42.636 those sensors, the correlations 17 00:00:42.636 --> 00:00:44.136 and constraints that have to hold. 18 00:00:44.866 --> 00:00:46.966 And using that model that we build, 19 00:00:46.966 --> 00:00:48.916 we can apply it to real streaming data 20 00:00:49.366 --> 00:00:52.096 to alert whenever there's a deviation 21 00:00:52.146 --> 00:00:53.116 from what has to hold 22 00:00:53.116 --> 00:00:54.876 in the physically realizable state. 23 00:00:55.166 --> 00:00:58.116 Our approach to detecting integrity 24 00:00:58.116 --> 00:00:59.466 attacks is different because we look 25 00:00:59.466 --> 00:01:02.726 across all of the sensors and are able 26 00:01:02.726 --> 00:01:04.546 to use those correlations to identify 27 00:01:05.196 --> 00:01:07.396 when there's a deviation from normal. 28 00:01:07.666 --> 00:01:08.726 Compared to other methods, 29 00:01:08.726 --> 00:01:12.626 we found we can get 30 plus times 30 00:01:12.626 --> 00:01:15.426 as accurate in identifying whether there 31 00:01:15.526 --> 00:01:17.946 was an attack and where in your system 32 00:01:17.946 --> 00:01:18.846 that attack occurred. 33 00:01:19.066 --> 00:01:22.506 We've tested this on both simulated 34 00:01:22.506 --> 00:01:25.326 and real data and found 99 percent 35 00:01:25.326 --> 00:01:26.996 accuracy in the simulated data, 36 00:01:26.996 --> 00:01:29.056 87 percent accuracy in the real data, 37 00:01:29.436 --> 00:01:31.016 and we're still working on ways 38 00:01:31.016 --> 00:01:31.866 of improving that. 39 00:01:32.596 --> 00:01:33.666 CPAD allows you 40 00:01:33.666 --> 00:01:36.446 to do real-time data integrity attack 41 00:01:36.586 --> 00:01:38.756 detection on your cyber-physical system. 42 00:01:39.016 --> 00:01:39.796 And you can do it 43 00:01:39.796 --> 00:01:41.196 with data you're already collecting.