zkSTAR: A zero knowledge system for time series attack detection enforcing regulatory compliance in critical infrastructure networks
- URL: http://arxiv.org/abs/2510.23060v1
- Date: Mon, 27 Oct 2025 06:45:11 GMT
- Authors: Paritosh Ramanan, H. M. Mohaimanul Islam, Abhiram Reddy Alugula,
- Abstract summary: Industrial control systems (ICS) form the operational backbone of critical infrastructure networks. Regulators are imposing stricter compliance requirements to ensure system-wide security and reliability. A central challenge is enabling regulators to verify the effectiveness of detection mechanisms without requiring utilities to disclose sensitive operational data. We introduce zkSTAR, a cyberattack detection framework that leverages zk-SNARKs to reconcile these requirements and enable provable detection guarantees.
- Score: 0.9558392439655014
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Industrial control systems (ICS) form the operational backbone of critical infrastructure networks (CIN) such as power grids, water supply systems, and gas pipelines. As cyber threats to these systems escalate, regulatory agencies are imposing stricter compliance requirements to ensure system-wide security and reliability. A central challenge, however, is enabling regulators to verify the effectiveness of detection mechanisms without requiring utilities to disclose sensitive operational data. In this paper, we introduce zkSTAR, a cyberattack detection framework that leverages zk-SNARKs to reconcile these requirements and enable provable detection guarantees while preserving data confidentiality. Our approach builds on established residual-based statistical hypothesis testing methods applied to state-space detection models. Specifically, we design a two-pronged zk-SNARK architecture that enforces temporal consistency of the state-space dynamics and statistical consistency of the detection tests, allowing regulators to temporally verify alarm correctness without visibility into utility-level data. We formally analyze the soundness and zero knowledge properties of our framework and validate its practical feasibility through computational experiments on real-world ICS datasets. As a result, our work demonstrates a scalable, privacy-preserving alternative for regulatory compliance for ICS driven critical infrastructure networks.
Related papers
- Robust Verification of Controllers under State Uncertainty via Hamilton-Jacobi Reachability Analysis [49.31947916567367]
Hamilton-Jacobi (HJ) reachability analysis is a popular formal verification tool for general nonlinear systems that can compute optimal reachable under worst-case uncertainties. This work is the first HJ-based reachability-based system verification framework for the Robust Verification Controllers via HJ rover. Within Ro-CoRe, we propose novel methods for safety verification and controller design.
arXiv Detail & Related papers (2025-11-18T18:55:20Z)
- Differential Privacy for Regulatory Compliance in Cyberattack Detection on Critical Infrastructure Systems [0.0]
This paper presents a cyberattack detection framework geared towards enhancing regulatory confidence while alleviating privacy concerns of CIN stakeholders. We show that our method induces a misclassification error rate comparable to the non-DP cases while delivering robust privacy guarantees.
arXiv Detail & Related papers (2025-08-11T17:10:49Z)
- Verification of Visual Controllers via Compositional Geometric Transformations [49.81690518952909]
We introduce a novel verification framework for perception-based controllers that can generate outer-approximations of reachable sets. We provide theoretical guarantees on the soundness of our method and demonstrate its effectiveness across benchmark control environments.
arXiv Detail & Related papers (2025-07-06T20:22:58Z)
- Blockchain Powered Edge Intelligence for U-Healthcare in Privacy Critical and Time Sensitive Environment [0.559239450391449]
We propose an autonomous computing model for privacy-critical and time-sensitive health applications. The system supports continuous monitoring, real-time alert notifications, disease detection, and robust data processing and aggregation. A secure access scheme is defined to manage both off-chain and on-chain data sharing and storage.
arXiv Detail & Related papers (2025-05-31T06:58:52Z)
- CANTXSec: A Deterministic Intrusion Detection and Prevention System for CAN Bus Monitoring ECU Activations [53.036288487863786]
We propose CANTXSec, the first deterministic Intrusion Detection and Prevention system based on physical ECU activations. It detects and prevents classical attacks in the CAN bus, while detecting advanced attacks that have been less investigated in the literature. We prove the effectiveness of our solution on a physical testbed, where we achieve 100% detection accuracy in both classes of attacks while preventing 100% of FIAs.
arXiv Detail & Related papers (2025-05-14T13:37:07Z)
- Breaking the Flow and the Bank: Stealthy Cyberattacks on Water Network Hydraulics [3.360922672565235]
Stealthy False Data Injection Attacks (SFDIAs) can compromise system operations while avoiding detection. This paper presents a systematic analysis of sensor attacks against water distribution networks (WDNs). We propose several attack formulations that range from tailored strategies satisfying both physical and detection constraints to simpler measurement manipulations.
arXiv Detail & Related papers (2025-04-24T02:54:20Z)
- Effective Intrusion Detection in Heterogeneous Internet-of-Things Networks via Ensemble Knowledge Distillation-based Federated Learning [52.6706505729803]
We introduce Federated Learning (FL) to collaboratively train a decentralized shared model of Intrusion Detection Systems (IDS).
FLEKD enables a more flexible aggregation method than conventional model fusion techniques.
Experiment results show that the proposed approach outperforms local training and traditional FL in terms of both speed and performance.
arXiv Detail & Related papers (2024-01-22T14:16:37Z)
- Investigating Robustness in Cyber-Physical Systems: Specification-Centric Analysis in the face of System Deviations [8.8690305802668]
A critical attribute of cyber-physical systems (CPS) is robustness, denoting its capacity to operate safely.
This paper proposes a novel specification-based robustness, which characterizes the effectiveness of a controller in meeting a specified system requirement.
We present an innovative two-layer simulation-based analysis framework designed to identify subtle robustness violations.
arXiv Detail & Related papers (2023-11-13T16:44:43Z)
- FedDiSC: A Computation-efficient Federated Learning Framework for Power Systems Disturbance and Cyber Attack Discrimination [1.0621485365427565]
This paper proposes a novel Federated Learning-based privacy-preserving and communication-efficient attack detection framework, known as FedDiSC.
We put forward a representation learning-based Deep Auto-Encoder network to accurately detect power system and cybersecurity anomalies.
To adapt our proposed framework to the timeliness of real-world cyberattack detection in SGs, we leverage the use of a gradient privacy-preserving quantization scheme known as DP-SIGNSGD.
arXiv Detail & Related papers (2023-04-07T13:43:57Z)
- Recursively Feasible Probabilistic Safe Online Learning with Control Barrier Functions [60.26921219698514]
We introduce a model-uncertainty-aware reformulation of CBF-based safety-critical controllers.
We then present the pointwise feasibility conditions of the resulting safety controller.
We use these conditions to devise an event-triggered online data collection strategy.
arXiv Detail & Related papers (2022-08-23T05:02:09Z)
- No Need to Know Physics: Resilience of Process-based Model-free Anomaly Detection for Industrial Control Systems [95.54151664013011]
We present a novel framework to generate adversarial spoofing signals that violate physical properties of the system.
We analyze four anomaly detectors published at top security conferences.
arXiv Detail & Related papers (2020-12-07T11:02:44Z)
This list is automatically generated from the titles and abstracts of the papers in this site.