Learning to Detect Anomalies in Cyber Physical Systems with Generative Adversarial Networks on Networked Sensor Time Series Data

Interests:<br>
Security solutions, consultancy, training

A project by
NUS Institute of Data Science and ST Electronics (Info-Security)

Motivation

The emergence of Internet of Things (IoT) has led to more and more systems and devices being sensorized and coming online, communicating and operating autonomously. Ensuring the security for these cyber-physical systems (CPS) becomes very challenging due to the increasing complexities in the CPSs. Current detection techniques that employ simple comparison between the present states and predicted normal ranges for anomaly detection are inadequate to address the highly dynamic behaviors of the systems.

The project developed a machine learning method based on Generative Adversarial Networks (GANs) to detect anomalies in CPSs.

Achievements

The project developed an unsupervised multivariate anomaly detection method based on Generative Adversarial Networks (GANs), using the Long-Short-Term-Memory Recurrent Neural Networks (LSTM-RNN) deep learning model as the base models (namely, the generator and discriminator) in the GAN framework to effectively capture the temporal correlation of multiple time series distributions. Both the generator and discriminator produced by the GAN were fully exploited to detect anomalies by both discrimination and reconstruction.

The method used two recent datasets collected from real-world CPSs: the Secure Water Treatment (SWaT) and the Water Distribution (WADI) datasets from SUTD iTrust lab. In addition to having individual process-specific models (AD-GAN) for different processes in SWaT, the team also developed a unified model (MAD-GAN) for all processes, which takes into account the high coupling among the processes where attacks on one process influence other processes.

Experimental results showed that both GAN-based methods can detect anomalies caused by various cyber-intrusions. The unified MAD-GAN outperformed unsupervised methods such as PCA and KNN as well as the GA-based method EGAN (Houssam, 2018).

The work in this project has demonstrated that advanced AI algorithms such as GAN can be used exploit the rich sensor data that are becoming available to overcome the limitations of conventional techniques in dealing with the increasing complexities of cyber-physical systems. The AI techniques developed in this project could be further generalized for non-cybersecurity problems such as for preventive maintenance and fault diagnostics for broader application and impact in the age of Industry 4.0, as well as for detection of anomalies in non-CPS applications.

Publications

• AD-GAN: ICANN 2019 (GitHub)
• MAD-GAN: BIGMINE 2018 / Cornell University (GitHub)