research-article

Deep Learning-based Anomaly Detection in Cyber-physical Systems: Progress and Opportunities

Authors:

Danfeng (Daphne) YaoAuthors Info & Claims

ACM Computing Surveys (CSUR), Volume 54, Issue 5

Article No.: 106, Pages 1 - 36

https://doi.org/10.1145/3453155

Published: 25 May 2021 Publication History

Abstract

Anomaly detection is crucial to ensure the security of cyber-physical systems (CPS). However, due to the increasing complexity of CPSs and more sophisticated attacks, conventional anomaly detection methods, which face the growing volume of data and need domain-specific knowledge, cannot be directly applied to address these challenges. To this end, deep learning-based anomaly detection (DLAD) methods have been proposed. In this article, we review state-of-the-art DLAD methods in CPSs. We propose a taxonomy in terms of the type of anomalies, strategies, implementation, and evaluation metrics to understand the essential properties of current methods. Further, we utilize this taxonomy to identify and highlight new characteristics and designs in each CPS domain. Also, we discuss the limitations and open problems of these methods. Moreover, to give users insights into choosing proper DLAD methods in practice, we experimentally explore the characteristics of typical neural models, the workflow of DLAD methods, and the running performance of DL models. Finally, we discuss the deficiencies of DL approaches, our findings, and possible directions to improve DLAD methods and motivate future research.

References

[1]

Sebastian Berg. 2020. NumPy. https://numpy.org/.

[2]

Chuadhry Mujeeb Ahmed, Gauthama Raman M. R., and Aditya P. Mathur. 2020. Challenges in machine learning based approaches for real-time anomaly detection in industrial control systems. In Proceedings of the 6th ACM on Cyber-Physical System Security Workshop (Taipei, Taiwan) (CPSS ’20). Association for Computing Machinery, New York, NY, 23--29.

[3]

Salman Ahmed, Ya Xiao, Kevin Z. Snow, Gang Tan, Fabian Monrose, and Danfeng (Daphne) Yao. 2020. Methodologies for quantifying (re-)randomization security and timing under JIT-ROP. In Proceedings of the ACM SIGSAC Conference on Computer and Communications Security (CCS’20). Association for Computing Machinery, New York, NY, 1803--1820.

Digital Library

[4]

Luai Al Shalabi and Zyad Shaaban. 2006. Normalization as a preprocessing engine for data mining and the approach of preference matrix. In Proceedings of the International Conference on Dependability of Computer Systems. IEEE, 207--214.

Digital Library

[5]

Mario Almeida, Stefanos Laskaridis, Ilias Leontiadis, Stylianos I. Venieris, and Nicholas D. Lane. 2019. EmBench: Quantifying performance variations of deep neural networks across modern commodity devices. In Proceedings of the 3rd International Workshop on Deep Learning for Mobile Systems and Applications. 1--6.

[6]

Kasun Amarasinghe and Milos Manic. 2018. Improving user trust on deep neural networks based intrusion detection systems. In Proceedings of the 44th Conference of the IEEE Industrial Electronics Society. IEEE, 3262--3268.

[7]

CNN. 2020. Car assembly line robot kills worker in Germany. Retrieved from: https://www.cnn.com/2015/07/02/europe/germany-volkswagen-robot-kills-worker/index.html.

[8]

T. Athay, R. Podmore, and S. Virmani. 1979. A practical method for the direct analysis of transient stability. IEEE Trans. Pow. Apparat. Syst.2 (1979), 573--584.

[9]

Arian Bär, Alessandro Finamore, Pedro Casas, Lukasz Golab, and Marco Mellia. 2014. Large-scale network traffic monitoring with DBStream, a system for rolling big data analysis. In Proceedings of the IEEE International Conference on Big Data (Big Data’14). IEEE, 165--170.

[10]

Sagnik Basumallik, Rui Ma, and Sara Eftekharnejad. 2019. Packet-data anomaly detection in PMU-based state estimator using convolutional neural network. Int. J. Electric. Power Energy Syst. 107 (2019), 690--702.

[11]

Debby Bezzina and James Sayer. 2014. Safety pilot model deployment: Test conductor team report. Report No. DOT HS 812 (2014), 171.

[12]

Karl Biron, Wael Bazzaza, Khalid Yaqoob, Amjad Gawanmeh, and Claude Fachkha. 2020. A big data fusion to profile CPS security threats against operational technology. In Proceedings of the IEEE 21st International Symposium on A World of Wireless, Mobile and Multimedia Networks (WoWMoM’20). IEEE, 397--402.

[13]

Andrea Borghesi, Andrea Bartolini, Michele Lombardi, Michela Milano, and Luca Benini. 2019. Anomaly detection using autoencoders in high performance computing systems. In Proceedings of the AAAI Conference on Artificial Intelligence, Vol. 33. 9428--9433.

Digital Library

[14]

Markus M. Breunig, Hans-Peter Kriegel, Raymond T. Ng, and Jörg Sander. 2000. LOF: Identifying density-based local outliers. In Proceedings of the ACM SIGMOD International Conference on Management of Data. 93--104.

Digital Library

[15]

Mikel Canizo, Isaac Triguero, Angel Conde, and Enrique Onieva. 2019. Multi-head CNN–RNN for multi-time series anomaly detection: An industrial case study. Neurocomputing 363 (2019), 246--260.

Digital Library

[16]

Z. Berkay Celik, Earlence Fernandes, Eric Pauley, Gang Tan, and Patrick McDaniel. 2019. Program analysis of commodity IoT applications for security and privacy: Challenges and opportunities. ACM Comput. Surv. 52, 4 (2019), 1--30.

Digital Library

[17]

Raghavendra Chalapathy and Sanjay Chawla. 2019. Deep learning for anomaly detection: A survey. arXiv preprint arXiv:1901.03407 (2019).

[18]

Varun Chandola, Arindam Banerjee, and Vipin Kumar. 2009. Anomaly detection: A survey. ACM Comput. Surv. 41, 3 (2009), 15.

Digital Library

[19]

Long Cheng, Ke Tian, and Danfeng Yao. 2017. Orpheus: Enforcing cyber-physical execution semantics to defend against data-oriented attacks. In Proceedings of the 33rd Computer Security Applications Conference. 315--326.

Digital Library

[20]

Yulia Cherdantseva, Pete Burnap, Andrew Blyth, Peter Eden, Kevin Jones, Hugh Soulsby, and Kristan Stoddart. 2016. A review of cyber security risk assessment methods for SCADA systems. Comput. Secur. 56 (2016), 1--27.

Digital Library

[21]

Kyong-Tak Cho and Kang G. Shin. 2016. Fingerprinting electronic control units for vehicle intrusion detection. In Proceedings of the 25th USENIX Security Symposium (USENIX Security’16). 911--927.

[22]

Alysha M. De Livera, Rob J. Hyndman, and Ralph D. Snyder. 2011. Forecasting time series with complex seasonal patterns using exponential smoothing. J. Amer. Statist. Assoc. 106, 496 (2011), 1513--1527.

[23]

Qingyu Deng and Jian Sun. 2018. False data injection attack detection in a power grid using RNN. In Proceedings of the 44th Conference of the IEEE Industrial Electronics Society. IEEE, 5983--5988.

[24]

Min Du, Feifei Li, Guineng Zheng, and Vivek Srikumar. 2017. DeepLog: Anomaly detection and diagnosis from system logs through deep learning. In Proceedings of the ACM SIGSAC Conference on Computer and Communications Security. 1285--1298.

Digital Library

[25]

Benedikt Eiteneuer, Nemanja Hranisavljevic, and Oliver Niggemann. 2019. Dimensionality reduction and anomaly detection for CPPS data using autoencoder.

[26]

Mellitus Ezeme, Akramul Azim, and Qusay H. Mahmoud. 2017. An imputation-based augmented anomaly detection from large traces of operating system events. In Proceedings of the 4th IEEE/ACM International Conference on Big Data Computing, Applications and Technologies. 43--52.

[27]

Mellitus O. Ezeme, Qusay H. Mahmoud, and Akramul Azim. 2018. Hierarchical attention-based anomaly detection model for embedded operating systems. In Proceedings of the IEEE 24th International Conference on Embedded and Real-time Computing Systems and Applications (RTCSA’18). IEEE, 225--231.

[28]

Okwudili M. Ezeme, Michael Lescisin, Qusay H. Mahmoud, and Akramul Azim. 2019. DeepAnom: An ensemble deep framework for anomaly detection in system processes. In Proceedings of the Canadian Conference on Artificial Intelligence. Springer, 549--555.

Digital Library

[29]

Okwudili M. Ezeme, Qusay H. Mahmoud, and Akramul Azim. 2019. Dream: Deep recursive attentive model for anomaly detection in kernel events. IEEE Access 7 (2019), 18860--18870.

[30]

Cheng Fan, Fu Xiao, Yang Zhao, and Jiayuan Wang. 2018. Analytical investigation of autoencoder-based methods for unsupervised anomaly detection in building energy data. Appl. Energy 211 (2018), 1123--1135.

[31]

Cheng Feng, Tingting Li, and Deeph Chana. 2017. Multi-level anomaly detection in industrial control systems via package signatures and LSTM networks. In Proceedings of the 47th IEEE/IFIP International Conference on Dependable Systems and Networks (DSN’17). IEEE, 261--272.

[32]

P. Ferrari, S. Rinaldi, E. Sisinni, F. Colombo, F. Ghelfi, D. Maffei, and M. Malara. 2019. Performance evaluation of full-cloud and edge-cloud architectures for industrial IoT anomaly detection based on deep learning. In Proceedings of the Workshop on Metrology for Industry 4.0 and IoT (MetroInd4.0 & IoT’19). IEEE, 420--425.

[33]

FireEye. 2020. A View into the Top 20 Cyber Attacks on ICS Networks | FireEye. Retrieved from: https://www.fireeye.com/solutions/industrial-systems-and-critical-infrastructure-security/wp-top-20-cyberattacks.html.

[34]

Flightradar24. 2019. Live Flight Tracker - Real-Time Flight Tracker Map. Retrieved from: https://www.flightradar24.com/.

[35]

Amin Ghafouri, Waseem Abbas, Aron Laszka, Yevgeniy Vorobeychik, and Xenofon Koutsoukos. 2016. Optimal thresholds for anomaly-based intrusion detection in dynamical environments. In Proceedings of the International Conference on Decision and Game Theory for Security. Springer, 415--434.

Digital Library

[36]

Jairo Giraldo, David Urbina, Alvaro Cardenas, Junia Valente, Mustafa Faisal, Justin Ruths, Nils Ole Tippenhauer, Henrik Sandberg, and Richard Candell. 2018. A survey of physics-based attack detection in cyber-physical systems. ACM Comput. Surv. 51, 4 (2018), 1--36.

Digital Library

[37]

Ioana Giurgiu and Anika Schumann. 2019. Additive explanations for anomalies detected from multivariate temporal data. In Proceedings of the 28th ACM International Conference on Information and Knowledge Management. 2245--2248.

Digital Library

[38]

Jonathan Goh, Sridhar Adepu, Khurum Nazir Junejo, and Aditya Mathur. 2016. A dataset to support research in the design of secure water treatment systems. In Proceedings of the International Conference on Critical Information Infrastructures Security. Springer, 88--99.

[39]

Jonathan Goh, Sridhar Adepu, Marcus Tan, and Zi Shan Lee. 2017. Anomaly detection in cyber physical systems using recurrent neural networks. In Proceedings of the IEEE 18th International Symposium on High Assurance Systems Engineering (HASE’17). IEEE, 140--145.

[40]

Dong Gong, Lingqiao Liu, Vuong Le, Budhaditya Saha, Moussa Reda Mansour, Svetha Venkatesh, and Anton van den Hengel. 2019. Memorizing normality to detect anomaly: Memory-augmented deep autoencoder for unsupervised anomaly detection. In Proceedings of the IEEE International Conference on Computer Vision. 1705--1714.

[41]

Lachlan Gunn, Peter Smet, Edward Arbon, and Mark D. McDonnell. 2018. Anomaly detection in satellite communications systems using LSTM networks. In Proceedings of the Military Communications and Information Systems Conference (MilCIS’18). IEEE, 1--6.

[42]

Edan Habler and Asaf Shabtai. 2018. Using LSTM encoder-decoder algorithm for detecting anomalous ADS-B messages. Comput. Secur. 78 (2018), 155--173.

[43]

Waqas Haider, Jiankun Hu, Yi Xie, Xinghuo Yu, and Qianhong Wu. 2017. Detecting anomalous behavior in cloud servers by nested arc hidden SEMI-Markov model with state summarization. IEEE Trans. Big Data 5, 3 (2017).

[44]

Y. He, G. Meng, K. Chen, X. Hu, and J. He. 2020. Towards security threats of deep learning systems: A survey. IEEE Trans. Softw. Eng. (Nov. 2020).

[45]

Ryan Heartfield, George Loukas, Sanja Budimir, Anatolij Bezemskij, Johnny R. J. Fontaine, Avgoustinos Filippoupolitis, and Etienne Roesch. 2018. A taxonomy of cyber-physical threats and impact in the smart home. Comput. Secur. 78 (2018), 398--428.

[46]

Yi Huang, Mohammad Esmalifalak, Huy Nguyen, Rong Zheng, Zhu Han, Husheng Li, and Lingyang Song. 2013. Bad data injection in smart grid: Attack and defense mechanisms. IEEE Commun. Mag. 51, 1 (2013), 27--33.

[47]

Kyle Hundman, Valentino Constantinou, Christopher Laporte, Ian Colwell, and Tom Soderstrom. 2018. Detecting spacecraft anomalies using LSTMs and nonparametric dynamic thresholding. In Proceedings of the 24th ACM SIGKDD International Conference on Knowledge Discovery & Data Mining. ACM, 387--395.

Digital Library

[48]

Jun Inoue, Yoriyuki Yamagata, Yuqi Chen, Christopher M. Poskitt, and Jun Sun. 2017. Anomaly detection for a water treatment system using unsupervised machine learning. In Proceedings of the IEEE International Conference on Data Mining Workshops (ICDMW’17). IEEE, 1058--1065.

[49]

Aya Abdelsalam Ismail, Mohamed Gunady, Hector Corrada Bravo, and Soheil Feizi. 2020. Benchmarking deep learning interpretability in time series predictions. Adv. Neural Inf. Proc. Syst. 33 (2020).

[50]

iTrust Labs. 2019. iTrust Labs_Dataset Info. Retrieved from: https://itrust.sutd.edu.sg/itrust_labs_datasets/dataset_info/#swat.

[51]

Camil Jichici, Bogdan Groza, and Pal-Stefan Murvay. 2018. Examining the use of neural networks for intrusion detection in controller area networks. In Proceedings of the International Conference on Security for Information Technology and Communications. Springer, 109--125.

[52]

Kaspersky. 2019. Threat landscape for industrial automation systems, H1 2019. Retrieved from: https://ics-cert.kaspersky.com/reports/2019/09/30/threat-landscape-for-industrial-automation-systems-h1-2019/.

[53]

Haider Adnan Khan, Nader Sehatbakhsh, Luong N. Nguyen, Milos Prvulovic, and Alenka Zajić. 2019. Malware detection in embedded systems using neural network model for electromagnetic side-channel signals. J. Hardw. Syst. Secur. 3, 4 (2019), 305--318.

[54]

Eshaan Khanapuri, Tarun Chintalapati, Rajnikant Sharma, and Ryan Gerdes. 2019. Learning-based adversarial agent detection and identification in cyber physical systems applied to autonomous vehicular platoon. In Proceedings of the IEEE/ACM 5th International Workshop on Software Engineering for Smart Cyber-Physical Systems (SEsCPS’19). IEEE, 39--45.

Digital Library

[55]

Tung Kieu, Bin Yang, and Christian S. Jensen. 2018. Outlier detection for multidimensional time series using deep neural networks. In Proceedings of the 19th IEEE International Conference on Mobile Data Management (MDM’18). IEEE, 125--134.

[56]

Diederik P. Kingma and Max Welling. 2013. Auto-encoding variational bayes. arXiv preprint arXiv:1312.6114 (2013).

[57]

Oliver Kosut, Liyan Jia, Robert J. Thomas, and Lang Tong. 2011. Malicious data attacks on the smart grid. IEEE Trans. Smart Grid 2, 4 (2011), 645--658.

[58]

Moshe Kravchik and Asaf Shabtai. 2018. Detecting cyber attacks in industrial control systems using convolutional neural networks. In Proceedings of the Workshop on Cyber-physical Systems Security and PrivaCy. ACM, 72--83.

Digital Library

[59]

Adrien Legrand, Brad Niepceron, Alain Cournier, and Harold Trannois. 2018. Study of autoencoder neural networks for anomaly detection in connected buildings. In Proceedings of the IEEE Global Conference on Internet of Things (GCIoT’18). IEEE, 1--5.

[60]

Dan Li, Dacheng Chen, Baihong Jin, Lei Shi, Jonathan Goh, and See-Kiong Ng. 2019. MAD-GAN: Multivariate anomaly detection for time series data with generative adversarial networks. In Proceedings of the International Conference on Artificial Neural Networks. Springer, 703--716.

Digital Library

[61]

Yidong Li, Li Zhang, Zhuo Lv, and Wei Wang. 2021. Detecting anomalies in intelligent vehicle charging and station power supply systems with multi-head attention models. IEEE Trans. Intell. Transport. Syst. 22, 1 (2021), 555--564.

Digital Library

[62]

Zhe Li, Jingyue Li, Yi Wang, and Kesheng Wang. 2019. A deep learning approach for anomaly detection based on SAE and LSTM in mechanical equipment. Int. J. Adv. Manuf. Technol. 103, 1 (2019), 499--510.

[63]

Benjamin Lindemann, Fabian Fesenmayr, Nasser Jazdi, and Michael Weyrich. 2019. Anomaly detection in discrete manufacturing using self-learning approaches. Procedia CIRP 79 (2019), 313--318.

[64]

Yao Liu, Peng Ning, and Michael K. Reiter. 2011. False data injection attacks against state estimation in electric power grids. ACM Trans. Inf. Syst. Secur. 14, 1 (2011), 13.

Digital Library

[65]

Yuriy Zacchia Lun, Alessandro D’Innocenzo, Francesco Smarra, Ivano Malavolta, and Maria Domenica Di Benedetto. 2019. State of the art of cyber-physical systems security: An automatic control perspective. J. Syst. Softw. 149 (2019), 174--216.

[66]

Larry M. Manevitz and Malik Yousef. 2001. One-class SVMs for document classification. J. Mach. Learn. Res. 2, Dec. (2001), 139--154.

[67]

Aditya P. Mathur and Nils Ole Tippenhauer. 2016. SWaT: A water treatment testbed for research and training on ICS security. In Proceedings of the International Workshop on Cyber-physical Systems for Smart Water Networks (CySWater’16). IEEE, 31--36.

[68]

MATPOWER. 2019. Open-source tools for electric power system simulation and optimization. Retrieved from: https://matpower.org/.

[69]

Dongyu Meng and Hao Chen. 2017. Magnet: A two-pronged defense against adversarial examples. In Proceedings of the ACM SIGSAC Conference on Computer and Communications Security. 135--147.

Digital Library

[70]

Robert Mitchell and Ing-Ray Chen. 2014. A survey of intrusion detection techniques for cyber-physical systems. ACM Comput. Surv. 46, 4 (2014), 1--29.

Digital Library

[71]

Yilin Mo and Bruno Sinopoli. 2010. False data injection attacks in control systems. In Preprints of the 1st Workshop on Secure Control Systems. 1--6.

[72]

Yilin Mo and Bruno Sinopoli. 2012. Integrity attacks on cyber-physical systems. In Proceedings of the 1st International Conference on High Confidence Networked Systems. 47--54.

Digital Library

[73]

Mehdi Mohammadi, Ala Al-Fuqaha, Sameh Sorour, and Mohsen Guizani. 2018. Deep learning for IoT big data and streaming analytics: A survey. IEEE Commun. Surv. Tutor. 20, 4 (2018), 2923--2960.

Digital Library

[74]

Khosrow Moslehi and Ranjit Kumar. 2010. A reliability perspective of the smart grid. IEEE Trans. Smart Grid 1, 1 (2010), 57--64.

[75]

Anvardh Nanduri and Lance Sherry. 2016. Anomaly detection in aircraft data using recurrent neural networks (RNN). In Proceedings of the Integrated Communications Navigation and Surveillance (ICNS’16). IEEE, 5C2--1.

[76]

Sandeep Nair Narayanan, Anupam Joshi, and Ranjan Bose. 2020. ABATe: Automatic behavioral abstraction technique to detect anomalies in smartcyber-physical systems. IEEE Trans. Depend. Sec. Comput. (2020).

[77]

Sajid Nazir, Shushma Patel, and Dilip Patel. 2017. Assessing and augmenting SCADA cyber security: A survey of techniques. Comput. Secur. 70 (2017), 436--454.

[78]

Xiangyu Niu, Jiangnan Li, Jinyuan Sun, and Kevin Tomsovic. 2019. Dynamic detection of false data injection attack in smart grid using deep learning. In Proceedings of the IEEE Power & Energy Society Innovative Smart Grid Technologies Conference (ISGT’19). IEEE, 1--6.

[79]

Daehyung Park, Yuuna Hoshi, and Charles C. Kemp. 2018. A multimodal anomaly detector for robot-assisted feeding using an LSTM-based variational autoencoder. IEEE Robot. Automat. Lett. 3, 3 (2018), 1544--1551.

[80]

Neehar Peri, Pirazh Khorramshahi, Sai Saketh Rambhatla, Vineet Shenoy, Saumya Rawat, Jun-Cheng Chen, and Rama Chellappa. 2020. Towards real-time systems for vehicle re-identification, multi-camera tracking, and anomaly detection. In Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition Workshops. 622--623.

[81]

Eric Ras, Fridolin Wild, Christoph Stahl, and Alexandre Baudet. 2017. Bridging the skills gap of workers in Industry 4.0 by human performance augmentation tools: Challenges and roadmap. In Proceedings of the 10th International Conference on PErvasive Technologies Related to Assistive Environments. 428--432.

Digital Library

[82]

Orbis Research. 2020. Global Cyber Physical System Market 2020 by Company, Regions, Type and Application, Forecast to 2025 | Orbis Research. Retrieved from: https://www.orbisresearch.com/reports/index/global-cyber-physical-system-market-2020-by-company-regions-type-and-application-forecast-to-2025.

[83]

Danilo Jimenez Rezende and Shakir Mohamed. 2015. Variational inference with normalizing flows. arXiv preprint arXiv:1505.05770 (2015).

[84]

Michele Russo, Maxime Labonne, Alexis Olivereau, and Mohammad Rmayti. 2018. Anomaly detection in vehicle-to-infrastructure communications. In Proceedings of the IEEE 87th Vehicular Technology Conference (VTC Spring’18). IEEE, 1--6.

[85]

Ahmed Salem, Apratim Bhattacharya, Michael Backes, Mario Fritz, and Yang Zhang. 2020. Updates-leak: Data set inference and reconstruction attacks in online learning. In Proceedings of the 29th USENIX Security Symposium (USENIX Security’20). 1291--1308.

[86]

Mahmoud Salem, Mark Crowley, and Sebastian Fischmeister. 2016. Anomaly detection using inter-arrival curves for real-time systems. In Proceedings of the 28th Euromicro Conference on Real-Time Systems (ECRTS’16). IEEE, 97--106.

[87]

Jürgen Schmidhuber. 2015. Deep learning in neural networks: An overview. Neural Netw. 61 (2015), 85--117.

Digital Library

[88]

Peter Schneider and Konstantin Böttinger. 2018. High-performance unsupervised anomaly detection for cyber-physical system networks. In Proceedings of the Workshop on Cyber-physical Systems Security and PrivaCy. ACM, 1--12.

Digital Library

[89]

Xiaokui Shu, Danfeng Yao, and Naren Ramakrishnan. 2015. Unearthing stealthy program attacks buried in extremely long execution paths. In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security. 401--413.

Digital Library

[90]

Alban Siffer, Pierre-Alain Fouque, Alexandre Termier, and Christine Largouet. 2017. Anomaly detection in streams with extreme value theory. In Proceedings of the 23rd ACM SIGKDD International Conference on Knowledge Discovery and Data Mining. ACM, 1067--1075.

Digital Library

[91]

Prabhu Teja Sivaprasad, Florian Mai, Thijs Vogels, Martin Jaggi, and Francois Fleuret. 2020. Optimizer benchmarking needs to account for hyperparameter tuning. In Proceedings of the International Conference on Machine Learning. PMLR, 9036--9045.

[92]

Ya Su, Youjian Zhao, Chenhao Niu, Rong Liu, Wei Sun, and Dan Pei. 2019. Robust anomaly detection for multivariate time series through stochastic recurrent neural network. In Proceedings of the 25th ACM SIGKDD International Conference on Knowledge Discovery & Data Mining. ACM, 2828--2837.

Digital Library

[93]

Shahroz Tariq, Sangyup Lee, Youjin Shin, Myeong Shin Lee, Okchul Jung, Daewon Chung, and Simon S. Woo. 2019. Detecting anomalies in space using multivariate convolutional LSTM with mixtures of probabilistic PCA. In Proceedings of the 25th ACM SIGKDD International Conference on Knowledge Discovery & Data Mining. ACM, 2123--2133.

[94]

Norman L. Tasfi, Wilson A. Higashino, Katarina Grolinger, and Miriam A. M. Capretz. 2017. Deep neural networks with confidence sampling for electrical anomaly detection. In Proceedings of the IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData). IEEE, 1038--1045.

[95]

Adrian Taylor, Sylvain Leblanc, and Nathalie Japkowicz. 2016. Anomaly detection in automobile control network data with long short-term memory networks. In Proceedings of the IEEE International Conference on Data Science and Advanced Analytics (DSAA’16). IEEE, 130--139.

[96]

Keras Team. 2019. Keras documentation: About Keras. Retrieved from https://keras.io/about/.

[97]

Franco van Wyk, Yiyang Wang, Anahita Khojandi, and Neda Masoud. 2019. Real-time sensor anomaly detection and identification in automated vehicles. IEEE Trans. Intell. Transport. Syst. 21, 3 (2019), 1264--1276.

[98]

Eric Veith, Lars Fischer, Martin Tröschel, and Astrid Nieße. 2019. Analyzing cyber-physical systems from the perspective of artificial intelligence. arXiv preprint arXiv:1908.11779 (2019).

[99]

Bolun Wang, Yuanshun Yao, Bimal Viswanath, Haitao Zheng, and Ben Y. Zhao. 2018. With great training comes great vulnerability: Practical attacks against transfer learning. In Proceedings of the 27th USENIX Security Symposium (USENIXSecurity’18). 1281--1297.

[100]

Huaizhi Wang, Jiaqi Ruan, Zhengwei Ma, Bin Zhou, Xueqian Fu, and Guangzhong Cao. 2019. Deep learning aided interval state prediction for improving cyber security in energy internet. Energy 174 (2019), 1292--1304.

[101]

Jingyu Wang, Dongyuan Shi, Yinhong Li, Jinfu Chen, Hongfa Ding, and Xianzhong Duan. 2018. Distributed framework for detecting PMU data manipulation attacks with deep autoencoders. IEEE Trans. Smart Grid 10, 4 (2018), 4401--4410.

[102]

Wenye Wang and Zhuo Lu. 2013. Cyber security in the smart grid: Survey and challenges. Comput. Netw. 57, 5 (2013), 1344--1371.

[103]

Xiaofei Wang, Yiwen Han, Chenyang Wang, Qiyang Zhao, Xu Chen, and Min Chen. 2019. In-edge AI: Intelligentizing mobile edge computing, caching and communication by federated learning. IEEE Netw. 33, 5 (2019), 156--165.

Digital Library

[104]

Yawei Wang, Donghui Chen, Cheng Zhang, Xi Chen, Baogui Huang, and Xiuzhen Cheng. 2019. Wide and recurrent neural networks for detection of false data injection in smart grids. In Proceedings of the International Conference on Wireless Algorithms, Systems, and Applications. Springer, 335--345.

[105]

Wikipedia. 2020. December 2015 Ukraine power grid cyberattack. Retrieved from: https://en.wikipedia.org/w/index.php?title=December_2015_Ukraine_power_grid_cyberattack&oldid=920905638.

[106]

Wikipedia. 2020. List of self-driving car fatalities. Retrieved from: https://en.wikipedia.org/w/index.php?title=List_of_self-driving_car_fatalities&oldid=928100815.

[107]

Wikipedia. 2020. Stuxnet. Retrieved from: https://en.wikipedia.org/w/index.php?title=Stuxnet&oldid=939556423.

[108]

Zhenyu Wu, Yang Guo, Wenfang Lin, Shuyang Yu, and Yang Ji. 2018. A weighted deep representation learning model for imbalanced fault diagnosis in cyber-physical systems. Sensors 18, 4 (2018), 1096.

[109]

Yu-jun Xiao, Wen-yuan Xu, Zhen-hua Jia, Zhuo-ran Ma, and Dong-lian Qi. 2017. NIPAD: A non-invasive power-based anomaly detection scheme for programmable logic controllers. Front. Inf. Technol. Electron. Eng. 18, 4 (2017), 519--534.

[110]

Le Xie, Yilin Mo, and Bruno Sinopoli. 2010. False data injection attacks in electricity markets. In Proceedings of the 1st IEEE International Conference on Smart Grid Communications. IEEE, 226--231.

[111]

Guowen Xu, Hongwei Li, Hao Ren, Kan Yang, and Robert H. Deng. 2019. Data security issues in deep learning: Attacks, countermeasures, and opportunities. IEEE Commun. Mag. 57, 11 (2019), 116--122.

Digital Library

[112]

Kui Xu, Ke Tian, Danfeng Yao, and Barbara G. Ryder. 2016. A sharper sense of self: Probabilistic reasoning of program behaviors for anomaly detection with context sensitivity. In Proceedings of the 46th IEEE/IFIP International Conference on Dependable Systems and Networks (DSN’16). IEEE, 467--478.

[113]

Danfeng Yao, Xiaokui Shu, Long Cheng, and Salvatore J. Stolfo. 2017. Anomaly detection as a service: Challenges, advances, and opportunities. Synth. Lect. Inf. Secur., Priv., Trust 9, 3 (2017), 1--173.

[114]

Houssam Zenati, Chuan Sheng Foo, Bruno Lecouat, Gaurav Manek, and Vijay Ramaseshan Chandrasekhar. 2018. Efficient GAN-based anomaly detection. arXiv preprint arXiv:1802.06222 (2018).

[115]

Chuxu Zhang, Dongjin Song, Yuncong Chen, Xinyang Feng, Cristian Lumezanu, Wei Cheng, Jingchao Ni, Bo Zong, Haifeng Chen, and Nitesh V. Chawla. 2019. A deep neural network for unsupervised anomaly detection and diagnosis in multivariate time series data. In Proceedings of the AAAI Conference on Artificial Intelligence. 1409--1416.

[116]

Hao Zhang, Danfeng Daphne Yao, Naren Ramakrishnan, and Zhibin Zhang. 2016. Causality reasoning about network events for detecting stealthy malware activities. Comput. Secur. 58 (2016), 180--198.

Digital Library

[117]

Mu Zhang, Chien-Ying Chen, Bin-Chou Kao, Yassine Qamsane, Yuru Shao, Yikai Lin, Elaine Shi, Sibin Mohan, Kira Barton, James Moyne et al. 2019. Towards automated safety vetting of PLC code in real-world plants. In Proceedings of the IEEE Symposium on Security and Privacy (SP’19). IEEE, 522--538.

[118]

Xinyang Zhang, Ningfei Wang, Hua Shen, Shouling Ji, Xiapu Luo, and Ting Wang. 2020. Interpretable deep learning under fire. In Proceedings of the 29th USENIX Security Symposium (USENIX Security’20).

Digital Library

[119]

Y. Zhang, V. V. G. Krishnan, J. Pi, K. Kaur, A. Srivastava, A. Hahn, and S. Suresh. 2019. Cyber physical security analytics for transactive energy systems. IEEE Trans. Smart Grid 11, 2 (2019), 931--941.

[120]

Konglin Zhu, Zhicheng Chen, Yuyang Peng, and Lin Zhang. 2019. Mobile edge assisted literal multi-dimensional anomaly detection of in-vehicle network using LSTM. IEEE Trans.Vehic. Technol. 68, 5 (2019), 4275--4284.

[121]

Zahra Zohrevand, Uwe Glässer, Mohammad A. Tayebi, Hamed Yaghoubi Shahir, Mehdi Shirmaleki, and Amir Yaghoubi Shahir. 2017. Deep learning based forecasting of critical infrastructure data. In Proceedings of the ACM on Conference on Information and Knowledge Management. ACM, 1129--1138.

Digital Library

[122]

Bo Zong, Qi Song, Martin Renqiang Min, Wei Cheng, Cristian Lumezanu, Daeki Cho, and Haifeng Chen. 2018. Deep autoencoding Gaussian mixture model for unsupervised anomaly detection. In Proceedings of the 6th International Conference on Learning Representations (ICLR'18).

Cited By

Tahril RLasbahani AJarrar ABalouki Y(2024)Using Deep Learning Algorithm in Security InformaticsInternational Journal of Innovative Science and Research Technology (IJISRT)10.38124/ijisrt/IJISRT24APR2271(2933-2944)Online publication date: 21-May-2024
https://doi.org/10.38124/ijisrt/IJISRT24APR2271
Ahmad IWan ZAhmad AUllah S(2024)A Hybrid Optimization Model for Efficient Detection and Classification of Malware in the Internet of ThingsMathematics10.3390/math1210143712:10(1437)Online publication date: 7-May-2024
https://doi.org/10.3390/math12101437
Yang DYang SQu JWang K(2024)A Multivariate Time Series Prediction Method for Automotive Controller Area Network Bus DataElectronics10.3390/electronics1314270713:14(2707)Online publication date: 10-Jul-2024
https://doi.org/10.3390/electronics13142707
Show More Cited By

Index Terms

Deep Learning-based Anomaly Detection in Cyber-physical Systems: Progress and Opportunities
1. Computer systems organization
  1. Embedded and cyber-physical systems
2. Security and privacy
  1. Intrusion/anomaly detection and malware mitigation

Recommendations

Time Series Anomaly Detection for Cyber-physical Systems via Neural System Identification and Bayesian Filtering
KDD '21: Proceedings of the 27th ACM SIGKDD Conference on Knowledge Discovery & Data Mining

Recent advances in AIoT technologies have led to an increasing popularity of utilizing machine learning algorithms to detect operational failures for cyber-physical systems (CPS). In its basic form, an anomaly detection module monitors the sensor ...
Deep Learning for Anomaly Detection
WSDM '20: Proceedings of the 13th International Conference on Web Search and Data Mining

Anomaly detection has been widely studied and used in diverse applications. Building an effective anomaly detection system requires the researchers/developers to learn the complex structure from noisy data, identify the dynamic anomaly patterns and ...
A hybrid behavior- and Bayesian network-based framework for cyber–physical anomaly detection
Abstract
In recent years, the increasing Internet connectivity and heterogeneity of industrial protocols have been raising the number and nature of cyber-attacks against Industrial Control Systems (ICS). Such cyber-attacks may lead to cyber anomalies and ...
Highlights
- Hybrid behavior- and Bayesian network-based cyber–physical anomaly detection.
- Hybrid anomaly detection framework based on both cyber and physical data from ICS.
- Identification of cyber, physical and cyber–physical anomalies in ICS.

Comments

Information & Contributors

Information

Published In

cover image ACM Computing Surveys

ACM Computing Surveys Volume 54, Issue 5

June 2022

719 pages

ISSN:0360-0300

EISSN:1557-7341

DOI:10.1145/3467690

Editor:
Albert Zomaya
University of Sydney, Australia

Issue’s Table of Contents

Copyright © 2021 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 25 May 2021

Accepted: 01 February 2021

Revised: 01 December 2020

Received: 01 March 2020

Published in CSUR Volume 54, Issue 5

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed

Funding Sources

Commonwealth Cyber Initiative (CCI)
National Natural Science Foundation of China

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

132
Total Citations
View Citations
2,928
Total Downloads

Downloads (Last 12 months)665
Downloads (Last 6 weeks)89

Reflects downloads up to 09 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

Tahril RLasbahani AJarrar ABalouki Y(2024)Using Deep Learning Algorithm in Security InformaticsInternational Journal of Innovative Science and Research Technology (IJISRT)10.38124/ijisrt/IJISRT24APR2271(2933-2944)Online publication date: 21-May-2024
https://doi.org/10.38124/ijisrt/IJISRT24APR2271
Ahmad IWan ZAhmad AUllah S(2024)A Hybrid Optimization Model for Efficient Detection and Classification of Malware in the Internet of ThingsMathematics10.3390/math1210143712:10(1437)Online publication date: 7-May-2024
https://doi.org/10.3390/math12101437
Yang DYang SQu JWang K(2024)A Multivariate Time Series Prediction Method for Automotive Controller Area Network Bus DataElectronics10.3390/electronics1314270713:14(2707)Online publication date: 10-Jul-2024
https://doi.org/10.3390/electronics13142707
Wang YJiang ZWang YYang CZou L(2024)Intelligent detection of foreign objects over coal flow based on improved GANomalyJournal of Intelligent & Fuzzy Systems10.3233/JIFS-23064746:3(5841-5851)Online publication date: 5-Mar-2024
https://doi.org/10.3233/JIFS-230647
Sulieman MLiu MGursoy MKong F(2024)Path Planning for UAVs under GPS Permanent FaultsACM Transactions on Cyber-Physical Systems10.1145/36530748:3(1-23)Online publication date: 20-Mar-2024
https://dl.acm.org/doi/10.1145/3653074
Kumar ADas TPandey RZhou JChattopadhyay S(2024)SRI: A Simple Rule Induction Method for improving resiliency of DNN based IDS against adversarial and zero-day attacksProceedings of the 10th ACM Cyber-Physical System Security Workshop10.1145/3626205.3659146(24-35)Online publication date: 2-Jul-2024
https://dl.acm.org/doi/10.1145/3626205.3659146
Cai JWei ZLuo J(2024)ICS Anomaly Detection Based on Sensor Patterns and Actuator Rules in Spatiotemporal DependencyIEEE Transactions on Industrial Informatics10.1109/TII.2024.339352820:8(10647-10656)Online publication date: Aug-2024
https://doi.org/10.1109/TII.2024.3393528
Zhang LBurbano LChen XCardenas ADrager SAnderson MKong F(2024)Fast Attack Recovery for Stochastic Cyber-Physical Systems2024 IEEE 30th Real-Time and Embedded Technology and Applications Symposium (RTAS)10.1109/RTAS61025.2024.00030(280-293)Online publication date: 13-May-2024
https://doi.org/10.1109/RTAS61025.2024.00030
Manta-Costa AAraújo SPeres RBarata J(2024)Machine Learning Applications in Manufacturing—Challenges, Trends, and Future DirectionsIEEE Open Journal of the Industrial Electronics Society10.1109/OJIES.2024.34312405(1085-1103)Online publication date: 2024
https://doi.org/10.1109/OJIES.2024.3431240
Battista Gaggero GArmellin AFerro GRobba MGirdinio PMarchese M(2024)BESS-Set: A Dataset for Cybersecurity Monitoring in a Battery Energy Storage SystemIEEE Open Access Journal of Power and Energy10.1109/OAJPE.2024.343985611(362-372)Online publication date: 2024
https://doi.org/10.1109/OAJPE.2024.3439856
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

HTML Format

View this article in HTML Format.

Media

Figures

Other

Tables

View Issue’s Table of Contents