Page 51 - Tech Fest 2025 Be'er-Sheva, Book of Abstracts

Explainable AI in Industrial Control Systems
CS-D-23
Lidor Proger; lidorpr@ac.sce.ac.il
Nitay Talker; nitayta@ac.sce.ac.il
Maxim Chapel; maximch@ac.sce.ac.il
Advisors: Dr. Aviad Elyashar¹, Prof. Shlomo Greenberg¹
¹SCE - Shamoon College of Engineering, Be’er-Sheva
Industrial control systems (ICSs) are infrastructures that monitor and control industrial processes in critical sectors like energy, water, and manufacturing. As cyber threats against ICSs increase, anomaly detection plays a vital role in ensuring system security. However, traditional AI-based anomaly detection models function as black boxes, making it difficult to understand the AI decision-making process. Our project integrated Explainable Artificial Intelligence (XAI) techniques into ICS anomaly detection to enhance transparency and trust in AI-driven security solutions. We applied machine learning and deep-learning models to detect anomalies in ICS datasets, specifically using the "secure water treatment" (SWaT) dataset. By implementing feature attribution methods, such as SHAP (SHapley Additive exPlanations), we provided clear reasoning for why an anomaly was detected.
Keywords: anomaly detection, cybersecurity, deep learning, explainable AI (XAI), industrial control systems (ICS), interpretability, machine learning
Container Security Vulnerability Scanner
CS-D-24
Ron Cohen; ronc7500@gmail.com
Avraham Alhazov; avrahamalhazov@gmail.com
Advisors: Mr. Yossi Atias¹, Prof. Shlomo Greenberg²
¹CyberSecurity Entrepreneur
²SCE - Shamoon College of Engineering, Be’er-Sheva
This project integrated Trivy's open-source vulnerability scanning with Microsoft Autogen-powered AI agents to enhance Docker container security. Unlike traditional scanners that produce extensive reports requiring manual interpretation, our system employs large language models (LLMs) to provide contextual analysis, accurate severity assessment, and tailored remediation strategies. The AI agent identifies vulnerabilities, explains their potential impact, and recommends specific fixes aligned with security policies. This intelligent security tool effectively bridges the gap between vulnerability detection and remediation for DevOps teams, transforming raw scan data into actionable security insights.
Keywords: AI agent, containerization, cybersecurity, Docker, large language models, Microsoft Autogen, open source, remediation, Trivy, vulnerability scanning