An Unsupervised Framework for Anomaly Detection in a Water Treatment System

Current Cyber-Physical Systems (CPSs) are sophisticated, complex, and equipped with networked sensors and actuators. As such, they have become further exposed to cyber-attacks. Recent catastrophic events have demonstrated that standard, human-based management of anomaly detection in complex systems is not efficient enough, and have underlined the significance of automated detection and intelligent, rapid response. Nevertheless, existing anomaly detection frameworks are usually not capable of dealing with the dynamic and complicated nature of CPSs. In this study, we introduce an unsupervised framework for anomaly detection based on an Attention-based Spatio-Temporal Autoencoder. In particular, we first construct statistical correlation matrices to characterize the system status across different time steps. Next, a 2D convolutional encoder is employed to encode the patterns of the correlation matrices, whereas an Attention-based Convolutional LSTM Encoder-Decoder (ConvLSTM-ED) is used to capture the temporal dependencies. More precisely, we introduce an input attention mechanism to adaptively select the most significant input features at each time step. Finally, the 2D convolutional decoder reconstructs the correlation matrices. The differences between the reconstructed correlation matrices and the original ones are used as indicators of anomalies. Extensive experimental analysis on data collected from all six stages of the Secure Water Treatment (SWaT) testbed, a scaled-down version of a real-world industrial water treatment plant, demonstrates that the proposed model outperforms the state-of-the-art baseline techniques.
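The first and last stages of the pipeline described above (per-window correlation matrices, then a residual against a reconstruction) can be sketched as follows. This is an added example, not the authors' code: it assumes Pearson correlation, replaces the ConvLSTM-ED reconstruction with the element-wise mean of attack-free matrices, and runs on constructed three-sensor data with hypothetical function names.

```python
import math

def correlation_matrix(window):
    """Pearson correlation between every pair of sensors over one window.
    window: list of time steps, each a list of n sensor readings."""
    cols = list(zip(*window))
    means = [sum(c) / len(c) for c in cols]
    devs = [[v - m for v in c] for c, m in zip(cols, means)]
    norms = [math.sqrt(sum(d * d for d in dv)) for dv in devs]
    n = len(cols)
    # A flat-lined sensor has zero variance: report 0 instead of dividing by 0.
    return [[sum(a * b for a, b in zip(devs[i], devs[j])) / (norms[i] * norms[j])
             if norms[i] and norms[j] else 0.0
             for j in range(n)] for i in range(n)]

def windowed_matrices(series, width, step):
    """One correlation matrix per sliding window, keyed by window start."""
    return {s: correlation_matrix(series[s:s + width])
            for s in range(0, len(series) - width + 1, step)}

def mean_matrix(matrices):
    """Stand-in reconstruction (assumption): element-wise mean of attack-free
    matrices. The paper uses a trained attention-based ConvLSTM-ED instead."""
    n = len(matrices[0])
    return [[sum(m[i][j] for m in matrices) / len(matrices)
             for j in range(n)] for i in range(n)]

def residual(matrix, reconstruction):
    """Frobenius norm of (original - reconstruction): the anomaly indicator."""
    return math.sqrt(sum((a - b) ** 2 for ra, rb in zip(matrix, reconstruction)
                         for a, b in zip(ra, rb)))

def sample(t, spoofed=False):
    """Constructed readings: tank level, inflow, valve position."""
    level = math.sin(t / 5.0)
    flow = 0.8 * level + 0.1 * math.cos(t / 3.0)
    # Constructed integrity attack: the reported inflow is inverted.
    return [level, -flow if spoofed else flow, -level]

def detect(width=40, step=20):
    """Return the start indices of windows whose residual exceeds the threshold."""
    train = windowed_matrices([sample(t) for t in range(200)], width, step)
    live = windowed_matrices(
        [sample(t, spoofed=120 <= t < 160) for t in range(200)], width, step)
    baseline = mean_matrix(list(train.values()))
    # Threshold (assumption): three times the worst attack-free residual.
    threshold = 3 * max(residual(m, baseline) for m in train.values())
    return [s for s, m in live.items() if residual(m, baseline) > threshold]

if __name__ == "__main__":
    print(detect())
```

Every window that overlaps the spoofed interval is flagged even though each inverted inflow value stays inside its normal range, which is the reason for scoring relationships between sensors rather than individual readings.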
