Visible to the public An error neighborhood-based detection mechanism to improve the performance of anomaly detection in industrial control systems

TitleAn error neighborhood-based detection mechanism to improve the performance of anomaly detection in industrial control systems
Publication TypeConference Paper
Year of Publication2022
AuthorsShen, Wendi, Yang, Genke
Conference Name2022 International Conference on Mechanical, Automation and Electrical Engineering (CMAEE)
Keywordsanomaly detection, detection mechanism, ICS Anomaly Detection, industrial control, industrial control system, integrated circuits, Mechanical sensors, performance evaluation, Predictive models, pubcrawl, Real-time Systems, resilience, Resiliency, Scalability, Sensor phenomena and characterization, unsupervised learning
AbstractAnomaly detection for devices (e.g, sensors and actuators) plays a crucial role in Industrial Control Systems (ICS) for security protection. The typical framework of deep learning-based anomaly detection includes a model to predict or reconstruct the state of devices and a detection mechanism to determine anomalies. The majority of anomaly detection methods use a fixed threshold detection mechanism to detect anomalous points. However, the anomalies caused by cyberattacks in ICSs are usually continuous anomaly segments. In this paper, we propose a novel detection mechanism to detect continuous anomaly segments. Its core idea is to determine the start and end times of anomalies based on the continuity characteristics of anomalies and the dynamics of error. We conducted experiments on the two real-world datasets for performance evaluation using five baselines. The F1 score increased by 3.8% on average in the SWAT dataset and increased by 15.6% in the WADI dataset. The results show a significant improvement in the performance of baselines using an error neighborhood-based continuity detection mechanism in a real-time manner.
DOI10.1109/CMAEE58250.2022.00013
Citation Keyshen_error_2022