Industrial control systems (ICS) form the operational backbone of critical infrastructure networks (CIN) such as power grids, water supply systems, and gas pipelines. As cyber threats to these systems escalate, regulatory agencies are imposing stricter compliance requirements to ensure system-wide security and reliability. A central challenge, however, is enabling regulators to verify the effectiveness of detection mechanisms without requiring utilities to disclose sensitive operational data. In this paper, we introduce zkSTAR, a cyberattack detection framework that leverages zk-SNARKs to reconcile these requirements and enable provable detection guarantees while preserving data confidentiality. Our approach builds on established residual-based statistical hypothesis testing methods applied to state-space detection models. Specifically, we design a two-pronged zk-SNARK architecture that enforces (i) temporal consistency of the state-space dynamics and (ii) statistical consistency of the detection tests, enabling regulators to verify correctness and prevent suppression of alarms without visibility into utility-level data. We formally analyze the soundness and zero-knowledge properties of our framework and validate its practical feasibility through computational experiments on real-world ICS datasets. As a result, our work demonstrates a scalable, privacy-preserving alternative for regulatory compliance for ICS driven critical infrastructure networks.

翻译：工业控制系统（ICS）构成了关键基础设施网络（CIN）——如电网、供水系统和天然气管道——的运营骨干。随着针对这些系统的网络威胁升级，监管机构正在实施更严格的合规要求，以确保系统范围的安全性和可靠性。然而，一个核心挑战在于，如何使监管机构能够验证检测机制的有效性，同时无需公用事业公司披露敏感的运营数据。本文介绍了zkSTAR，这是一个网络攻击检测框架，它利用zk-SNARKs来调和这些需求，在保护数据机密性的同时，提供可证明的检测保证。我们的方法建立在应用于状态空间检测模型的、成熟的基于残差的统计假设检验方法之上。具体而言，我们设计了一个双管齐下的zk-SNARK架构，该架构强制执行（i）状态空间动力学的时间一致性，以及（ii）检测测试的统计一致性，从而使监管机构能够验证正确性并防止警报被压制，而无需查看公用事业级别的数据。我们形式化地分析了我们框架的可靠性和零知识属性，并通过在真实世界ICS数据集上的计算实验验证了其实际可行性。因此，我们的工作为ICS驱动的关键基础设施网络的监管合规性，展示了一种可扩展的、保护隐私的替代方案。