Explainable deep learning for attack intelligence and combating cyber-physical attacks

Cyber-physical control loops comprising sensors, actuators and controllers pose the most valued and critical part of the industrial Internet of Things (IIoT) as it regulates the state of the physical process, such as water treatment or gas flow. Thus, any malicious activities could lead to physical damage, affecting human safety. Cyber-physical attacks against the physical process are difficult to detect using existing threats and attack intelligence due to the (1) lack of such intelligence for the physical process and operational technology systems and (2) such attacks affect the process parameters and states. Artificial Intelligence (AI)-based attack intelligence is required. This study proposes an attack intelligence framework for identifying cyber- physical attacks and extracting attack intelligence. We propose an attribution module for attack identification using various machine and deep learning algorithms. We also utilize Explainable AI (XAI) to improve the explainability of the attack attribution module and extract attack intelligence. Our proposed framework is evaluated and tested using a gas pipeline dataset as a use case. We demonstrate that the proposed framework improves the understanding of attacks and provides attack rules, assisting security analysts in securing critical physical processes.