Loading…

Rethinking the Operation Pattern for Anomaly Detection in Industrial Cyber–Physical Systems

Anomaly detection has been proven to be an efficient way to detect malicious behaviour and cyberattacks in industrial cyber–physical systems (ICPSs). However, most detection models are not entirely adapted to the real world as they require intensive computational resources and labelled data and lack...

Full description

Saved in:
Bibliographic Details
Published in:Applied sciences 2023-03, Vol.13 (5), p.3244
Main Authors: Cheng, Zishuai, Cui, Baojiang, Fu, Junsong
Format: Article
Language:English
Subjects:
Citations: Items that this one cites
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Anomaly detection has been proven to be an efficient way to detect malicious behaviour and cyberattacks in industrial cyber–physical systems (ICPSs). However, most detection models are not entirely adapted to the real world as they require intensive computational resources and labelled data and lack interpretability. This study investigated the traffic behaviour of a real coal mine system and proposed improved features to describe its operation pattern. Based on these features, this work combined the basic deterministic finite automaton (DFA) and normal distribution (ND) models to build an unsupervised anomaly detection model, which uses a hierarchical structure to pursue interpretability. To demonstrate its capability, this model was evaluated on real traffic and seven simulated attack types and further compared with nine state-of-the-art works. The evaluation and comparison results show that the proposed method achieved a 99% F1-score and is efficient in detecting sophisticated attacks. Furthermore, it achieved an average 17% increase in precision and a 12% increase in F1-Score compared to previous works. These results confirm the advantages of the proposed method. The work further suggests that future works should investigate operation pattern features rather than pursuing complex algorithms.
ISSN:2076-3417
2076-3417
DOI:10.3390/app13053244