Publication Type

Conference Proceeding Article

Version

acceptedVersion

Publication Date

11-2017

Abstract

In this paper, we propose and evaluate the application of unsupervised machine learning to anomaly detection for a Cyber-Physical System (CPS). We compare two methods: Deep Neural Networks (DNN) adapted to time series data generated by a CPS, and one-class Support Vector Machines (SVM). These methods are evaluated against data from the Secure Water Treatment (SWaT) testbed, a scaled-down but fully operational raw water purification plant. For both methods, we first train detectors using a log generated by SWaT operating under normal conditions. Then, we evaluate the performance of both methods using a log generated by SWaT operating under 36 different attack scenarios. We find that our DNN generates fewer false positives than our one-class SVM while our SVM detects slightly more anomalies. Overall, our DNN has a slightly better F measure than our SVM. We discuss the characteristics of the DNN and one-class SVM used in this experiment, and compare the advantages and disadvantages of the two methods.

Keywords

Anomaly detection, Deep neural network, Machine learning, Support vector machine, Water treatment system

Discipline

Software Engineering

Research Areas

Software and Cyber-Physical Systems

Publication

17th IEEE International Conference on Data Mining Workshops ICDMW 2017: 18-21 November, New Orleans, LA: Proceedings

First Page

1058

Last Page

1065

ISBN

9781538614808

Identifier

10.1109/ICDMW.2017.149

Publisher

IEEE Computer Society

City or Country

Los Alamitos, CA

Copyright Owner and License

Authors

Additional URL

https://doi.org/10.1109/ICDMW.2017.149
