PROTECT: A transparent cyber-attack detection and simulation system for industrial energy supplier environments

Abstract:
Current AI-based intrusion detection systems encounter significant challenges in achieving a widespread utiliza-tion in safety-critical infrastructures such as energy systems. These challenges are reflected in issues such as unre-liable performance (e.g., high false-positive rates), lack of trust, and missing verifiability for specific cyber-attack vectors. To address these concerns, this paper introduces a transparent cyber-attack detection and simulation platform specifically for energy supplier infrastructures. The platform provides transparent cyber-attack detec-tion solutions to safeguard the communication networks within these infrastructures. An agent-based simulation system is used to create network traces including a wide range of labelled multi-stage cyber-attacks. With that, the system enables the development and evaluation of XAI-based cyber-attack detection methods that particularly target energy infrastructures. Furthermore, the proposed platform includes an interface for AI and cybersecurity experts to recalibrate and fine-tune detection models using an active learning approach. First detection and expla-nation results are shown on simulated and benchmark network traffic datasets.