(279d) Physics-Informed Graph Convolutional Recurrent Network for Cyber-Attack Detection in Chemical Process Networks

The ongoing expansion of automation and digital systems in industrial processes has enhanced productivity across the chemical manufacturing sector. However, this growing dependence on interconnected sensor networks and automated control frameworks also increases the risk of cyber-attacks. In chemical operations, where maintaining proper temperature, pressure, and flow rates is important for safety and consistency, any malicious disruption can be devastating, ranging from minor economic setbacks to significant environmental harm or even threats to human life [1]. Monitoring and controlling chemical process networks is inherently difficult because of their nonlinear characteristics and the intricate interdependencies among multiple, dynamically changing subsystems. The presence of cyber-attacks further compounds these challenges, as compromised sensor signals can mislead control algorithms and steer the process away from its intended operating conditions [2-4]. Therefore, detecting such cyber-attacks at an early stage is vital to safeguarding the stability and safety of these complex industrial systems.

Traditional methods for cyber-attack detection in industrial control systems often rely on first-principles models, which describe how unit operations should behave using detailed thermodynamic and kinetic relationships. However, constructing accurate first-principles models for complex chemical process networks is challenging, primarily due to the nonlinear dynamics and interlinked variables inherent in these systems. On the other hand, purely data-driven approaches typically require extensive labeled data sets to capture the diverse modes of normal and attacked operations [5]. Unfortunately, collecting data specifically reflecting cyber-attacks in real-world chemical processes is challenging. Motivated by concerns over limited data availability, physics-informed neural networks (PINNs) have gained attention as a promising approach to combine data-driven methods with domain-specific insights [6]. Nonetheless, current PINN-based detection strategies struggle in complex chemical process networks, where multiple interconnected subsystems exhibit intricate, nonlinear interactions. Therefore, it is significant to integrate other forms of priori knowledge (e.g., process topology) to improve the model’s detection capabilities.

Graph neural networks (GNNs) offer a structured way to process graph-based inputs, efficiently modeling the relationships and interactions among nodes and edges [7]. By representing unit operations, control loops, and pipelines as nodes and edges in a directed graph, GNNs can learn how disturbances propagate from one part of the plant to another. However, at this stage, the incorporation of GNNs into cyber-attack detection for distributed nonlinear systems has not been investigated. Additionally, the role of topological knowledge has yet to be fully integrated into GNN architectures, which is important for understanding the underlying dynamics and identifying abnormal behaviors that evolve over time. Therefore, there is a pressing need for advanced detection strategies that integrate spatial and temporal information from process networks to effectively monitor and protect nonlinear chemical systems.

Building on these observations, in this work, we introduce a physics-informed graph convolutional recurrent network (PIGCRN) aimed at detecting cyber-attacks in nonlinear chemical process networks. First, we present a novel strategy to embed topological knowledge of the process network into a directed graph framework, followed by a data-driven approach to assign weights to each edge. Next, we integrate graph convolutional networks (GCNs) with long short-term memory (LSTM) layers, thereby capturing both spatial relationships and temporal dynamics within the process network. In addition, we incorporate known cyber-attack patterns into a physics-informed loss function to enhance detection accuracy and robustness, even with limited training data. Finally, the proposed PIGCRN detector is implemented on a two-reactor system simulated in Aspen Plus Dynamics, where multiple sensor compromise scenarios are introduced. The results show that by using prior knowledge of process topology and cyber-attack behavior, the PIGCRN outperforms conventional data-driven methods in detecting cyber-attacks.

References:

[1] Parker, S., Wu, Z., & Christofides, P. D. (2023). Cybersecurity in process control, operations, and supply chain. Computers & Chemical Engineering, 171, 108169.

[2] Oyama, H., & Durand, H. (2020). Integrated cyberattack detection and resilient control strategies using Lyapunov‐based economic model predictive control. AIChE Journal, 66(12), e17084.

[3] Narasimhan, S., El‐Farra, N. H., & Ellis, M. J. (2022). Detectability‐based controller design screening for processes under multiplicative cyberattacks. AIChE Journal, 68(1), e17430.

[4] Rangan, K. K., Oyama, H., & Durand, H. (2021). Integrated cyberattack detection and handling for nonlinear systems with evolving process dynamics under Lyapunov-based economic model predictive control. Chemical Engineering Research and Design, 170, 147-179.

[5] Wu, Z., Albalawi, F., Zhang, J., Zhang, Z., Durand, H., & Christofides, P. D. (2018). Detecting and handling cyber-attacks in model predictive control of chemical processes. Mathematics, 6(10), 173.

[6] Wu, G., Wang, Y., & Wu, Z. (2024). Physics-informed machine learning in cyber-attack detection and resilient control of chemical processes. Chemical Engineering Research and Design, 204, 544-555.

[7] Wu, Z., Pan, S., Chen, F., Long, G., Zhang, C., & Philip, S. Y. (2020). A comprehensive survey on graph neural networks. IEEE transactions on neural networks and learning systems, 32(1), 4-24.