This post is also available in:
עברית (Hebrew)
A new intrusion detection system is offering a more efficient way to identify and defend against advanced cyber threats targeting critical infrastructure like power grids and water systems. Developed by researchers at the CARES Laboratory at Texas A&M University, the system—called RADIANT (Reactive Autoencoder Defense for Industrial Adversarial Network Threats)—is designed to detect stealth attacks that often evade traditional cybersecurity tools.
Stealth attacks are a particularly challenging subset of cyber intrusions. Instead of triggering alarms, they manipulate network traffic in ways that appear harmless to both automated detection systems and human operators. These tactics allow attackers to compromise control systems while remaining undetected.
RADIANT addresses this by introducing a reactive layer that sits on top of existing machine learning-based intrusion detection systems. Unlike current approaches that require costly and time-consuming retraining of systems to adapt to new threats, RADIANT doesn’t rely on retraining. Instead, it reconstructs incoming data in real time and flags inconsistencies for further inspection. This process helps filter out adversarial manipulations while maintaining accurate detection during normal operations.
According to TechXplore, the goal is to boost resilience without disrupting ongoing activities or overburdening existing systems. Importantly, RADIANT is designed for deployment in time-sensitive environments, including substations, microgrids, and process plants, where delays or false positives can have serious consequences.
Researchers plan to expand the system’s testing to include adaptive attackers who may try to exploit knowledge of RADIANT’s methodology, as well as additional types of decision-based attacks. There are also plans for real-world field studies involving human operators, aimed at measuring response time, accuracy, and integration with daily workflows.
By adding a low-overhead defensive layer that strengthens existing detection systems, RADIANT offers a new approach to securing industrial control networks against increasingly sophisticated threats. As attacks on critical infrastructure continue to grow in scale and complexity, tools like this may play a key role in improving operational security and response capabilities without requiring a complete overhaul of current systems.
The research was published in Computers and Security.
