A Hybrid Physics-Based Data-Driven Framework for Anomaly Detection in Industrial Control Systems
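A method named PbNN is proposed that uses the design knowledge and operational data of industrial control systems, learning the complex relationships among components with a deep convolutional neural network; it detects cyber-physical attacks in a real water treatment plant and outperforms existing machine learning anomaly detectors.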
A method referred to as PbNN is proposed to detect cyber-physical attacks by identifying the anomalies they cause in the process dynamics of the underlying ICS. Unlike existing anomaly detectors, which are based on abstract knowledge acquired from operational data, PbNN uses the design knowledge of the ICS to learn the complex relationships among correlated components. These relationships are accurately modeled from operational data using a deep convolutional neural network. The proposed detector was implemented and evaluated in an operational secure water treatment plant by launching several real-time stealthy and coordinated attacks. The results indicate that PbNN outperforms existing state-of-the-art machine learning anomaly detectors when compared on detection accuracy and the rate of false alarms.