Deepnoise: Learning sensor and process noise to detect data integrity attacks in CPS

Cyber-physical systems (CPS) have been widely deployed in critical infrastructures and are vulnerable to various attacks. Data integrity attacks manipulate sensor measurements and cause control systems to fail, which are one of the prominent threats to CPS. Anomaly detection methods are proposed to...

Full description

Saved in:
Bibliographic Details
Published in:China communications 2021-09, Vol.18 (9), p.192-209
Main Authors: Luo, Yuan, Cheng, Long, Liang, Yu, Fu, Jianming, Peng, Guojun
Format: Article
Language:English
Subjects:
Anomaly detection
cyber-physical systems
Data integrity
data integrity attacks
Data models
Detectors
Noise measurement
Robot sensing systems
Sparse matrices
Citations: Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Cyber-physical systems (CPS) have been widely deployed in critical infrastructures and are vulnerable to various attacks. Data integrity attacks manipulate sensor measurements and cause control systems to fail, which are one of the prominent threats to CPS. Anomaly detection methods are proposed to secure CPS. However, existing anomaly detection studies usually require expert knowledge (e.g., system model-based) or are lack of interpretability (e.g., deep learning-based). In this paper, we present Deepnoise, a deep learning-based anomaly detection method for CPS with interpretability. Specifically, we utilize the sensor and process noise to detect data integrity attacks. Such noise represents the intrinsic characteristics of physical devices and the production process in CPS. One key enabler is that we use a robust deep autoencoder to automatically extract the noise from measurement data. Further, an LSTM-based detector is designed to inspect the obtained noise and detect anomalies. Data integrity attacks change noise patterns and thus are identified as the root cause of anomalies by Deepnoise. Evaluated on the SWaT testbed, Deep-noise achieves higher accuracy and recall compared with state-of-the-art model-based and deep learning-based methods. On average, when detecting direct attacks, the precision is 95.47%, the recall is 96.58%, and F is 95.98%. When detecting stealthy attacks, precision, recall, and F scores are between 96% and 99.5%.
ISSN:1673-5447
DOI:10.23919/JCC.2021.09.015