Search papers, labs, and topics across Lattice.
This paper introduces an Information-Theoretic Digital Twin (IT-DT) framework for detecting stealthy False Data Injection Attacks (FDIAs) in Industrial Control Systems (ICS). The framework combines N4SID system identification with steady-state Kalman filtering to quantify residual distribution shifts using closed-form Kullback-Leibler (KL) divergence. Experiments on SWaT and WADI datasets demonstrate that IT-DT achieves superior precision and F1-scores (0.832 and 0.615, respectively) compared to deep learning baselines like TranAD, while also offering a 600x inference speedup on CPU hardware.
Ditch the deep learning bloat: a closed-form information-theoretic digital twin spots subtle ICS attacks with 600x faster inference on CPUs.
Digital twins (DTs) are increasingly used to monitor and secure Industrial Control Systems (ICS), yet detecting stealthy False Data Injection Attacks (FDIAs) that manipulate system states within normal physical bounds remains challenging. Deep learning anomaly detectors often over-generalize such subtle manipulations, while classical fault detection methods do not scale well in highly correlated multivariate systems. We propose a closed-loop Information-Theoretic Digital Twin (IT-DT) framework for real-time anomaly detection. N4SID identification is combined with steady-state Kalman filtering to quantify residual distribution shifts via closed-form KL divergence, capturing both mean deviations and malicious cross-covariance shifts. Evaluations on the SWaT and WADI datasets show that IT-DT achieves F1-scores of 0.832 and 0.615, respectively, with better precision than deep learning baselines such as TranAD. Computational profiling indicates that the analytical approach requires minimal memory and provides approximately a 600x inference speedup over transformer-based methods on CPU hardware. This makes the framework suitable for resource-constrained industrial edge controllers without GPU acceleration.
