Using Bayesian Networks for Root Cause Analysis of Observable Problems in Cyber-Physical Systems

Modern societies rely on proper functioning of Critical Infrastructures (CIs) in different sectors such as energy, transportation, and water management which is vital for economic growth and societal wellbeing. Over the years, CIs have become dependent on Cyber-Physical Systems (CPSs) to ensure efficient operations, which are responsible for monitoring and steering processes as, among others, electric power generation, automotive production, and flood control. Such systems are susceptible to both attacks [1] and technical failures [2]. Because of modern societies’ dependence on CPSs, adequate response to observable problems is essential. In order to select appropriate response strategies, it is crucial for decision-makers to be able to distinguish between attacks and technical failures. Once they can distinguish between attacks and technical failures, it is also important for decision-makers to be able to determine the most likely root cause (for instance, the attack vector used to cause an observable problem) to select appropriate response strategies. In most cases, the initiation of a response strategy, presumably aimed at technical failures, would be ineffective in the event of a targeted attack and may lead to further complications. For instance, replacing a sensor that is sending incorrect measurement data with a new sensor would be a suitable response strategy to technical failure of the sensor. However, this may not be an appropriate response strategy to an attack on the sensor, as it would not block the corresponding attack vector. If the decision-makers could determine that the observable problem was due to an attack, the appropriate response strategies to block each attack vector could be different. For instance, the appropriate response strategy for a data manipulation attack on the sensor could be different from physical tampering of the sensor. The initiation of inappropriate response strategies would delay the recovery of the system from adversaries and might lead to harmful consequences. Noticeably, there is a lack of decision support to determine the most likely root cause of observable problems. Bayesian Networks (BNs) have the capacity to tackle this challenge especially based on their real-world applications in medical diagnosis [3] and fault diagnosis [4]. In our previous work, we developed a framework for constructing BN models to enable decision-makers to distinguish between attacks and technical failures [5]. However, this framework is incomplete without the capability to determine the most likely root cause of observable problems. In this work, we use BNs to tackle the challenge of determining the most likely root cause of observable problems as they enable diagnostic reasoning. Firstly, we propose a framework for constructing BN models to determine the most likely root cause of observable problems. We customised and utilised three different types of variables from existing diagnostic BN models which constitutes our framework. Furthermore, we demonstrated the use of the proposed framework using an example in smart grids. Finally, we highlight the challenges and future research directions.