Anomaly Detection with Generative Adversarial Networks for Multivariate Time Series

Today's Cyber-Physical Systems (CPSs) are large, complex, and affixed with networked sensors and actuators that are targets for cyber-attacks. Conventional detection techniques are unable to deal with the increasingly dynamic and complex nature of CPSs. On the other hand, the networked sensors and actuators generate large amounts of data streams that can be continuously monitored for intrusion events. Unsupervised machine learning techniques can be used to model the system behaviour and classify deviant behaviours as possible attacks. In this work, we proposed a novel Generative Adversarial Networks-based Anomaly Detection (GAN-AD) method for such complex networked CPSs. We used LSTM-RNN in our GAN to capture the distribution of the multivariate time series of the sensors and actuators under normal working conditions of a CPS. Instead of treating each sensor's and actuator's time series independently, we model the time series of multiple sensors and actuators in the CPS concurrently to take into account potential latent interactions between them. To exploit both the generator and the discriminator of our GAN, we deployed the GAN-trained discriminator together with the residuals between generator-reconstructed data and the actual samples to detect possible anomalies in the complex CPS. We used our GAN-AD to distinguish abnormal attacked situations from normal working conditions for a complex six-stage Secure Water Treatment (SWaT) system. Experimental results showed that the proposed strategy is effective in identifying anomalies caused by various attacks, with a high detection rate and a low false positive rate compared to existing methods.
