research-article

An Efficient Anomaly Detection Method for Industrial Control Systems: Deep Convolutional Autoencoding Transformer Network

Published: 29 May 2024

Abstract

Industrial control systems (ICSs), as critical national infrastructures, are increasingly susceptible to sophisticated security threats. To address this challenge, our study introduces the CAE-T, a deep convolutional autoencoding transformer network designed for efficient anomaly detection and real-time fault monitoring in ICS. The CAE-T utilizes unsupervised deep learning, employing a convolutional autoencoder for spatial feature extraction from multidimensional time-series data, and combines this with a transformer architecture to capture long-term temporal dependencies. The design of the model facilitates rapid training and inference, while its dual-component approach, utilizing an optimization function based on support vector data description (SVDD), enhances detection accuracy. This integration synergistically combines spatiotemporal feature extraction, significantly improving the robustness and precision of anomaly detection in ICS environments. The CAE-T model demonstrated notable performance enhancements across three industrial control system datasets. Notably, the CAE-T model achieved approximately a 70.8% increase in F1 score and a 9.2% rise in AUC on the WADI dataset. On the SWaT dataset, the model showed improvements of approximately 2.8% in F1 score and 5% in AUC. The power system dataset saw more modest gains, with an approximately 0.1% uptick in F1 score and a 1% increase in AUC. These improvements validate the CAE-T model’s efficacy and robustness in anomaly detection across various scenarios.

Cited By

  • (2024) A Data and Knowledge Fusion‐Driven Early Fault Warning Method for Traction Control Systems. International Journal of Intelligent Systems, 10.1155/2024/5115148, 2024:1. Online publication date: 24-Aug-2024

Information & Contributors

Information

Published In

International Journal of Intelligent Systems  Volume 2024, Issue
2024
2566 pages
This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

Publisher

John Wiley and Sons Ltd.

United Kingdom

Qualifiers

  • Research-article
