zkSTAR: A zero knowledge system for time series attack detection enforcing regulatory compliance in critical infrastructure networks
Paritosh Ramanan, H. M. Mohaimanul Islam, Abhiram Reddy Alugula
TL;DR
zkSTAR tackles regulatory oversight of data-driven ICS attack detection under privacy constraints by introducing zkSNARK-based proofs of temporal and statistical consistency for an EKF-based detector. It formalizes TC and SC properties, proves knowledge-soundness against attack suppression, and implements a kernelized zkSNARK architecture to keep proof generation scalable. Experimental results on HAI and ORNL-PS datasets show robust detection quality, low verifier latency, and feasible resource usage for real-world deployments. The approach enables privacy-preserving, verifiable regulatory compliance in critical infrastructure networks, reducing audit costs while maintaining data confidentiality.
Abstract
Industrial control systems (ICS) form the operational backbone of critical infrastructure networks (CIN) such as power grids, water supply systems, and gas pipelines. As cyber threats to these systems escalate, regulatory agencies are imposing stricter compliance requirements to ensure system-wide security and reliability. A central challenge, however, is enabling regulators to verify the effectiveness of detection mechanisms without requiring utilities to disclose sensitive operational data. In this paper, we introduce zkSTAR, a cyberattack detection framework that leverages zk-SNARKs to reconcile these requirements and enable provable detection guarantees while preserving data confidentiality. Our approach builds on established residual-based statistical hypothesis testing methods applied to state-space detection models. Specifically, we design a two-pronged zk-SNARK architecture that enforces (i) temporal consistency of the state-space dynamics and (ii) statistical consistency of the detection tests, enabling regulators to verify correctness and prevent suppression of alarms without visibility into utility-level data. We formally analyze the soundness and zero-knowledge properties of our framework and validate its practical feasibility through computational experiments on real-world ICS datasets. As a result, our work demonstrates a scalable, privacy-preserving alternative for regulatory compliance for ICS driven critical infrastructure networks.
