Industrial control systems are a fundamental component of critical infrastructure networks (CIN) such as gas, water and power. With the growing risk of cyberattacks, regulatory compliance requirements are also increasing for large scale critical infrastructure systems comprising multiple utility stakeholders. The primary goal of regulators is to ensure overall system stability with recourse to trustworthy stakeholder attack detection. However, adhering to compliance requirements requires stakeholders to also disclose sensor and control data to regulators raising privacy concerns. In this paper, we present a cyberattack detection framework that utilizes differentially private (DP) hypothesis tests geared towards enhancing regulatory confidence while alleviating privacy concerns of CIN stakeholders. The hallmark of our approach is a two phase privacy scheme that protects the privacy of covariance, as well as the associated sensor driven test statistics computed as a means to generate alarms. Theoretically, we show that our method induces a misclassification error rate comparable to the non-DP cases while delivering robust privacy guarantees. With the help of real-world datasets, we show the reliability of our DP-detection outcomes for a wide variety of attack scenarios for interdependent stakeholders.

翻译：工业控制系统是天然气、供水和电力等关键基础设施网络（CIN）的核心组成部分。随着网络攻击风险的日益增加，由多个公用事业利益相关方构成的大规模关键基础设施系统面临的监管合规要求也日趋严格。监管机构的主要目标是通过依赖可信的利益相关方攻击检测来确保整体系统稳定性。然而，遵守合规要求需要利益相关方向监管机构披露传感器与控制数据，这引发了隐私担忧。本文提出一种网络攻击检测框架，该框架采用面向差分隐私（DP）的假设检验方法，旨在增强监管信心的同时缓解CIN利益相关方的隐私顾虑。本方法的突出特点是采用两阶段隐私保护方案，既保护协方差的隐私性，也保护作为警报生成手段的传感器驱动检验统计量的隐私性。理论上，我们证明该方法在提供强健隐私保障的同时，产生的误分类错误率与非差分隐私方案相当。通过真实世界数据集的验证，我们展示了该方法在多种相互依赖利益相关方攻击场景下差分隐私检测结果的可靠性。