📝 SummarXiv

Abstract

There is increased interest in applying Artificial Intelligence and Machine Learning (AI/ML) within the nuclear industry and nuclear engineering community. Effective implementation of AI/ML could offer benefits to the nuclear domain, including enhanced identification of anomalies, anticipation of system failures, and operational schedule optimization. However, limited work has been done to investigate the feasibility and applicability of AI/ML tools in a functioning nuclear reactor. Here, we go beyond the development of a single model and introduce a multi-layered AI/ML architecture that integrates both information technology and operational technology data streams to identify, characterize, and differentiate (i) among diverse cybersecurity events and (ii) between cyber events and other operational anomalies. Leveraging Purdue Universitys research reactor, PUR-1, we demonstrate this architecture through a representative use case that includes multiple concurrent false data injections and denial-of-service attacks of increasing complexity under realistic reactor conditions. The use case includes 14 system states (1 normal, 13 abnormal) and over 13.8 million multi-variate operational and information technology data points. The study demonstrated the capability of AI/ML to distinguish between normal, abnormal, and cybersecurity-related events, even under challenging conditions such as denial-of-service attacks. Combining operational and information technology data improved classification accuracy but posed challenges related to synchronization and collection during certain cyber events. While results indicate significant promise for AI/ML in nuclear cybersecurity, the findings also highlight the need for further refinement in handling complex event differentiation and multi-class architectures.