Big Data Computing for Digital Forensics on Industrial Control Systems

The paper describes our initial effort on an experimental capability for the collection and analysis of big data of forensics value from the industrial control systems that operate the electrical power grid. The collection over the network of extensive logs of forensics value is performed through a distributed file system, which is designed to safeguard the real-time requirements of industrial control systems and networks. To achieve that goal, we are pursuing an approach that calculates the time and communication complexity of the algorithms that run on industrial control systems, and thus leverages control theory, CPU scheduling, and optimizations of the file system structure and cryptographic mechanisms. The forensics data analytics is done through big data computing algorithms, which are being designed via knowledge discovery from big data, descriptive statistics, predictive analytics based on statistical inference and probability theory, as well as distributed algorithms over very large graphs and matrices. The big data computing algorithms are run on a local cluster of commodity computers, with an eye towards deployment on cloud computing.