A Knowledge Representation and Information Fusion Framework for Decision Making in Complex Cyber-Physical Systems

Abstract:

Modern distributed cyber-physical systems (CPSs) encounter a large variety of physical faults and cyber anomalies, and in many cases they are vulnerable to catastrophic fault propagation scenarios due to strong connectivity among the sub-systems. Most current anomaly detection approaches lack scalability, robustness and flexibility: they depend heavily on domain knowledge in the form of rules and first-principle based models that need meticulous calibration and validation, and they have difficulty simultaneously processing continuous, temporal data from physical space and discrete, event-driven data from cyber space. To address these issues, this project proposes a new data-driven framework for system-wide anomaly detection, root cause analysis, and system-wide event propagation and impact analysis. A data-driven framework for system-wide anomaly detection has been developed and validated on case studies with simulated data and an integrated building system. The framework is based on a spatiotemporal feature extraction scheme built on the concept of symbolic dynamics for discovering and representing causal interactions among the subsystems of a CPS. The extracted spatiotemporal features are then used to learn system-wide patterns via a Restricted Boltzmann Machine (RBM). The anomaly detection process developed here uses the free energy of the RBM, which is an energy-based probabilistic graphical model, and an anomaly is detected as a low-probability event.
The proposed framework has the following advantages: (i) it can capture multiple modes as the nominal condition within a single model, which reduces the modeling and reasoning complexity; (ii) it can detect both global and local anomalies; (iii) it can process mixed data types, in particular the two kinds of data found in distributed CPSs: continuous temporal information from sensors and actuators in physical space and discrete event-driven data from cyber space; (iv) it is robust, as it is designed to identify only persistent anomalies. While the current work focuses on validating the method for a large variety of scenarios and quantifying false alarm and missed detection rates, future work will pursue the following: (i) using the graphical model for root-cause analysis of various anomalies, (ii) a stacked RBM approach to capture more complex nominal patterns, (iii) detection of simultaneous multiple faults in distributed CPSs, (iv) system-wide event propagation and impact analysis in both off-line and on-line fashion, and (v) an experimental study on interlock house, including physical faults and cyber anomalies. This project is supported by the National Science Foundation under Grant No. CNS-1464279.
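The free-energy detection idea described in the abstract, as an added example that is not the project's own code: a toy RBM learns two nominal modes in one model and raises an alarm only when the free energy stays above a threshold for several consecutive samples. The 6-bit vectors (standing in for symbolic-dynamics features), the exact-gradient training, the threshold margin and the persistence length `k` are all assumptions made for this sketch.

```python
import math
from itertools import product

NV, NH = 6, 2            # toy sizes (assumed): 6 binary features, 2 hidden units
A, B, X = (1, 1, 1, 0, 0, 0), (0, 0, 0, 1, 1, 1), (1, 1, 1, 1, 1, 1)
NOMINAL = [A, B] * 10    # constructed: two nominal operating modes
STREAM = [A, B, X, A, B, X, X, X, X, A]  # constructed: transient, then persistent fault

def hidden_in(v, W, c):
    return [c[j] + sum(W[j][i] * v[i] for i in range(NV)) for j in range(NH)]

def free_energy(v, W, b, c):
    """F(v) = -b.v - sum_j log(1 + exp(c_j + W_j.v)); P(v) is proportional to exp(-F(v))."""
    hid = sum(math.log1p(math.exp(a)) for a in hidden_in(v, W, c))
    return -sum(x * y for x, y in zip(b, v)) - hid

def signed_stats(states, q, W, c):
    """Sums of q*v_i, q*p(h_j|v) and q*v_i*p(h_j|v); q is negative for the model phase."""
    gb, gc, gW = [0.0] * NV, [0.0] * NH, [[0.0] * NV for _ in range(NH)]
    for v, w in zip(states, q):
        ph = [1 / (1 + math.exp(-a)) for a in hidden_in(v, W, c)]
        gb = [g + w * x for g, x in zip(gb, v)]
        gc = [g + w * p for g, p in zip(gc, ph)]
        gW = [[g + w * x * p for g, x in zip(row, v)] for row, p in zip(gW, ph)]
    return gb, gc, gW

def train(data, steps=600, lr=0.2):
    """Exact likelihood-gradient ascent, feasible only because 2**NV = 64 (assumed method)."""
    W = [[0.01 * (i + 1) * (j + 1) for i in range(NV)] for j in range(NH)]  # asymmetric start
    b, c, all_v = [0.0] * NV, [0.0] * NH, list(product((0, 1), repeat=NV))
    for _ in range(steps):
        fe = [free_energy(v, W, b, c) for v in all_v]
        un = [math.exp(min(fe) - f) for f in fe]          # unnormalised model probabilities
        q = [1 / len(data)] * len(data) + [-u / sum(un) for u in un]  # data minus model
        gb, gc, gW = signed_stats(list(data) + all_v, q, W, c)
        b, c = [x + lr * g for x, g in zip(b, gb)], [x + lr * g for x, g in zip(c, gc)]
        W = [[x + lr * g for x, g in zip(r, gr)] for r, gr in zip(W, gW)]
    return W, b, c

def detect(stream=STREAM, nominal=NOMINAL, margin=1.0, k=3):
    """Alarm at index t only after k consecutive samples exceed the free-energy threshold."""
    model = train(nominal)
    threshold = max(free_energy(v, *model) for v in nominal) + margin
    run, alarms = 0, []
    for t, v in enumerate(stream):
        run = run + 1 if free_energy(v, *model) > threshold else 0
        if run >= k:
            alarms.append(t)
    return alarms
```

In the constructed pattern `X` every individual bit takes a value seen in nominal data; only the joint pattern is unseen, which is the system-wide case that per-signal thresholds miss.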

License: 
Creative Commons 2.5